But that doesn't stop us.

My previous series of posts on configuring a CA hierarchy led my friends and colleagues to believe I might know a thing or two about running one - so I end up issuing certificates to them. The most recent request came from a web server where a friend was playing with an iPhone and ActiveSync. Yes, this is an IIS Web Server. I'm submitting it to my Enterprise CA.

I load up the Certification Authority console, and attempt to submit the request - no dice. Lo and behold, Microsoft KB 910249 came and bit me.

Certificate Request Processor

The request contains no certificate template information. 0x80094801 (-2146875391)
Denied by Policy Module 0x80094801, the request does not contain a certificate template extension or the Certificate Template request attribute.

Microsoft's resolution: Generate the request some other way.

Stuff that.

My solution:

certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt

The key is the extra attribute we add to force use of the template. The certificate is issued and we can go and import it to the web server.