Remote desktop certificate request fails with error message "The requested certificate template is not supported by this CA."

Assume the following scenario:

The RD Session Host server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occurred: The requested certificate template is not supported by this CA.

Under certain circumstances, the event with ID 52 of source Microsoft-Windows-CertificateServicesClient-CertEnroll is logged.

Cause

Remote Desktop certificates should be obtained through autoenrollment rather than through a certificate request made by the Remote Desktop Session Host itself. For more details, see the article "Configuring a Certificate Template for Remote Desktop (RDP) Certificates".

The error message "The requested certificate template is not supported by this CA." is misleading. The underlying cause in most cases is one of the following:

  • The certificate template is not published on any certification authority
  • There is no trust relationship with the certification authority

Details: The certificate template is not published on any certification authority

If the certificate template configured in the group policy is not published on any certification authority, no certificate request can be made. It is also important to check whether the name of the certificate template has been entered correctly in the group policy.

Details: There is no trust relationship with the certification authority

This is usually the case when the root CA certificate has not been distributed to the clients or the certificate chain cannot be completed to the root CA.
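Both causes can be checked from the affected RD Session Host in one pass. The following script is an added example, not part of the original article; it assumes a domain-joined machine with read access to the Active Directory configuration partition, and `$TemplateName` is a placeholder for the template name entered in the group policy.

```powershell
# Added example. $TemplateName is a placeholder: pass the name set in the group policy.
param([string]$TemplateName = 'ExampleRdpTemplate')

# Enterprise CAs are pKIEnrollmentService objects in the configuration partition.
$configNc = ([ADSI]'LDAP://RootDSE').Properties['configurationNamingContext'][0]
$base     = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($base, '(objectClass=pKIEnrollmentService)')
foreach ($p in 'cn', 'dnshostname', 'certificatetemplates', 'cacertificate') {
    $null = $searcher.PropertiesToLoad.Add($p)
}

$report = foreach ($ca in $searcher.FindAll()) {
    # Cause 1: is the template in this CA's list of published templates?
    $published = @($ca.Properties['certificatetemplates']) -contains $TemplateName

    # Cause 2: can this machine build the CA's chain up to a trusted root?
    $trusted = $false
    $status  = 'no CA certificate found in directory'
    if ($ca.Properties['cacertificate'].Count -gt 0) {
        $caCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            [byte[]]$ca.Properties['cacertificate'][0])
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true) # machine stores
        # Revocation is skipped so the result reflects only chain building and root trust.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($caCert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }

    [pscustomobject]@{
        CA                = [string]$ca.Properties['cn'][0]
        HostName          = [string]$ca.Properties['dnshostname'][0]
        TemplatePublished = $published
        ChainTrusted      = $trusted
        ChainStatus       = $status   # empty when the chain builds cleanly
    }
}

$report | Format-Table -AutoSize

if (-not ($report | Where-Object { $_.TemplatePublished })) {
    Write-Warning "Template '$TemplateName' is not published on any CA, or the name in the policy is wrong."
}
if ($report | Where-Object { $_.TemplatePublished -and -not $_.ChainTrusted }) {
    Write-Warning 'A CA publishes the template, but this machine does not trust its certificate chain.'
}
```

The comparison is made against the template names listed on the CA objects in the directory, so a display name entered in the policy in place of the template name also shows up as "not published".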

Trust in the certification authority hierarchy must be established. See the following articles:
