locked
Windows 2008 Certificate Renewal Problem RRS feed

  • Question

  • server: Windows 2008 SP2 (not R2) 64-bit domain controller

    When attempting to renew a certificate
    (cert, right-click) --> All Tasks --> Advanced Options --> Renew This Certificate With The Same Key
    I get the following error message:
    Enrollment Error
    The request contains no certificate template information.
    The "Resolution" in Microsoft KB 910249 :
    To resolve this issue, use an alternative method to request certificates from an enterprise CA. For more information, visit the following Microsoft Web page: http://technet.microsoft.com/en-us/l.../cc782583.aspx
    The "Advanced Certificate Enrollment and Management" white paper describes various methods for requesting certificates from an enterprise CA. For example, you can request certificates by using the Web-based CA interface, by creating .inf files that contain certificate information, by using the Certreq.exe utility, and by using the Certutil.exe utility.
    While the white paper contains a lot of information about new certificate requests (and I have used certreq in the recent past), there was no useful information about renewing certificates.

    A little more searching brought me to certutil , but when I run it, I get
    C:\Windows\system32>certutil -renewCert
    CertUtil: The system cannot find the file specified.

    This may seem like a stupid question, but what file is it looking for?


    UPDATE: I get the same message if I select "Renew Certificate With New Key..." and "Advanced Options" --> "Request New Certificate With The Same Key"

     

    A screenshot can be seen at http://www.petri.co.il/forums/showthread.php?p=237337 , where I've posted the same question.


    Friday, May 6, 2011 12:24 AM

Answers

  • this is because your current certificate is issued by Comodo CA server that don't use certificate templates, therefore you cannot directly renew this certificate at your enterprise CA. Probably you need to go through initial certificate request procedure.
    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    • Proposed as answer by Rick Tan Monday, May 9, 2011 6:23 AM
    • Marked as answer by Rick Tan Thursday, May 12, 2011 5:17 AM
    Friday, May 6, 2011 5:58 AM