Assume the following scenario:
- A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
- The role is installed on a separate server, not on the certification authority directly.
- A user attempts to submit an existing certificate request to the certification authority via the certification authority web enrollment.
- The desired certificate template is missing from the list of selectable certificate templates, or the list is completely empty.
- If the list is empty, the following error message is also issued:
No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.
The certificate authority web registration is a very old feature from Windows 2000 times - and was last adapted with the release of Windows Server 2003. Accordingly, the code is old and potentially insecure. Likewise, the function supports No certificate templates with version 3 or newer - This means that certificate templates that use functions introduced with Windows Vista / Windows Server 2008 or newer cannot be used. It is recommended that you do not use the certificate authority web registration and instead request certificates via on-board resources or the PSCertificateEnrollment PowerShell module.
Cause
Possible causes can be:
- The user has no permissions to request the certificate templates configured on the connected certificate authority.
- The certificate templates published on the connected certification authority are all templates of schema version 3 or newer. These certificate templates are not supported by CAWE and are not displayed accordingly. See article "Description of certificate template generations„.