Monday, November 12, 2012 10:31 PM
I've built an Enterprise Root CA in my domain from scratch, made an enrollment agent and issued a cert for him. When I try to Enroll On Behalf Of... I can issue, for example, a Basic EFS or User certificate, but I can't issue a Smartcard Logon or Smartcard User certificate. When I click Enroll, I get the following message:
Failed to install one or more certificates
STATUS: Request denied
The signature of the certificate cannot be verified.
Error Constructing or Publishing Certificate The Request ID is x.
On my client machine, where I'm logged in as the enrollment agent and from where I'm issuing certificates, I get Event ID 13 in the event log:
Certificate enrollment for DZPANCEVO\enrollagent failed to enroll for a SmartcardUser certificate with request ID 14 from dc1.dzpancevo.org\dzpancevo-DC1-CA (The signature of the certificate cannot be verified. 0x80096004 (-2146869244)).
On my CA server, I get Event ID 53:
Active Directory Certificate Services denied request 14 because The signature of the certificate cannot be verified. 0x80096004 (-2146869244). The request was for Efirstname.lastname@example.org, CN=xxx xxxxxx, OU=xxxx, OU=xxx Users, DC=xxxx, DC=xxx. Additional information: Error Constructing or Publishing Certificate
I'm stuck here. We bought smart cards for all users in the organization and they are all waiting for me to implement them. I'll appreciate any help.
Tuesday, November 13, 2012 7:04 AM
There might be several possible causes for the ADCS Event ID 53.
Event ID 53 — AD CS Certificate Request (Enrollment) Processing
Tuesday, November 13, 2012 9:17 AM
Ofc I checked that link (direct link from Event Viewer), passed all steps but nothing is wrong. I just don't understand this event ID of this message and this: The signature of the certificate cannot be verified. Does this mean that my enrollment agent certificate has problems?
Tuesday, November 13, 2012 11:21 AM
I think this is because your smart card uses a custom CSP and a custom (non-RSA) algorithm to generate key pairs. To resolve this issue, the smart card middleware (along with the CSP) must be installed on all machines.
- Marked As Answer by bojantr Friday, November 16, 2012 2:22 PM
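
One way to check the condition the accepted answer describes, as an added example that is not part of the original thread: the script reads the CSPs named on the certificate template and reports which of them are registered on the machine it runs on. It assumes the template name `SmartcardUser` from the Event ID 13 text, that the template lists its providers in the `pKIDefaultCSPs` attribute, and that the card vendor's provider is a legacy CryptoAPI CSP registered under the standard `Defaults\Provider` registry key.

```powershell
# Added example: compare the CSPs a certificate template asks for with the
# CSPs registered on this machine. Read-only; run it on each machine involved.
param(
    # Template name as it appears in the Event ID 13 text quoted in the thread
    [string]$TemplateName = 'SmartcardUser'
)

# Find the template object in the AD configuration partition
$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"
$searcher.Filter = "(&(objectClass=pKICertificateTemplate)(cn=$TemplateName))"
[void]$searcher.PropertiesToLoad.Add('pKIDefaultCSPs')
$template = $searcher.FindOne()
if (-not $template) { throw "Template '$TemplateName' not found in AD" }

# Each pKIDefaultCSPs value is "<priority>,<provider name>"
$wanted = @($template.Properties['pkidefaultcsps'] | ForEach-Object {
    $rank, $name = $_ -split ',', 2
    New-Object psobject -Property @{ Rank = [int]$rank; Provider = $name.Trim() }
} | Sort-Object Rank)

if ($wanted.Count -eq 0) {
    Write-Output "Template '$TemplateName' does not name specific CSPs."
    return
}

# Legacy CryptoAPI CSPs registered on this machine (CNG KSPs are not listed here)
$installed = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider' |
    Select-Object -ExpandProperty PSChildName

foreach ($csp in $wanted) {
    $state = if ($installed -contains $csp.Provider) { 'installed' } else { 'MISSING' }
    Write-Output ("{0,-8} {1}" -f $state, $csp.Provider)
}
```

A provider reported as MISSING on one machine but installed on another points at the middleware gap the answer describes.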