Assume the following scenario:
- An attempt is made to request a certificate via Windows PowerShell using Certificate Enrollment Web Services. The name of the certificate template is included with the -Template argument.
- The request fails with the following error message:
Get-Certificate : CertEnroll::CX509CertificateTemplates::get_ItemByName: Cannot find object or property. 0x80092004
(-2146885628 CRYPT_E_NOT_FOUND)
The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)".
Example command:
Get-Certificate `
-Url "https://cews.adcslabor.de/ADPolicyProvider_CEP_Kerberos/service.svc/CEP" `
-template "ADCSLaboratoryUser" `
-CertStoreLocation Cert:\CurrentUser\My
The certificate template is also not displayed when requesting via the Microsoft Management Console (MMC). If no other certificate templates are available for the request via a Certificate Enrollment Web Service (CES), the list of certificate templates in the MMC is empty, and there is also no "Show hidden Templates" option (see also the article "Requesting a certificate fails with the error message 'You cannot request a certificate at this time because no certificate types are available.'").
Possible causes:
- The requested certificate template is not available through a certificate enrollment web service.
- The requested certificate template is not displayed by the Certificate Enrollment Policy Service.
Details: The requested certificate template is not available through a certificate enrollment web service.
The requested certificate template must, of course, also be published on a certification authority that can be accessed via a certificate enrollment web service (CES). For a more detailed description of how this works, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)".
Details: The requested certificate template is not displayed by the Certificate Enrollment Policy Service.
There is a known bug in the Certificate Enrollment Policy Web Service (CEP) that causes certificate templates whose compatibility is set to Windows 10 or Windows Server 2016 not to be displayed. For more details, see the article "Certificate Enrollment Policy Service does not display certificate templates configured for compatibility with Windows Server 2016 or Windows 10".
In this case, the certificate template compatibility must be set to Windows Server 2012 R2 or lower, if possible.
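To check which of the two causes applies, it helps to see which template names the policy endpoint actually returns, since that list is what the failing get_ItemByName lookup searches. The following is an added example, not part of the original article: it loads the policy from the CEP URL of the example command through the CertEnroll COM interface and lists the templates. The function name Get-CepTemplate is hypothetical; Kerberos authentication and the user context are assumed from the example URL and certificate store.

```powershell
# Added diagnostic example (not from the original article).
# Lists the certificate templates a CEP endpoint returns to the current user.
$Url          = "https://cews.adcslabor.de/ADPolicyProvider_CEP_Kerberos/service.svc/CEP"
$TemplateName = "ADCSLaboratoryUser"

# CertEnroll enumeration values
$X509AuthKerberos          = 2   # X509EnrollmentAuthFlags
$ContextUser               = 1   # X509CertificateEnrollmentContext
$LoadOptionReload          = 2   # X509EnrollmentPolicyLoadOption (bypass the local cache)
$TemplatePropCommonName    = 1   # EnrollmentTemplateProperty
$TemplatePropFriendlyName  = 2
$TemplatePropSchemaVersion = 8

function Get-CepTemplate {        # hypothetical helper name
    param([Parameter(Mandatory)][string]$PolicyUrl)

    $policy = New-Object -ComObject X509Enrollment.CX509EnrollmentPolicyWebService
    $policy.Initialize($PolicyUrl, [string]::Empty, $X509AuthKerberos, $false, $ContextUser)
    $policy.LoadPolicy($LoadOptionReload)

    foreach ($t in $policy.GetTemplates()) {
        [pscustomobject]@{
            Name          = $t.Property($TemplatePropCommonName)
            DisplayName   = $t.Property($TemplatePropFriendlyName)
            SchemaVersion = $t.Property($TemplatePropSchemaVersion)
        }
    }
}

try {
    $templates = @(Get-CepTemplate -PolicyUrl $Url)
}
catch {
    Write-Error "Loading the enrollment policy from $Url failed: $($_.Exception.Message)"
    return
}

$templates | Sort-Object Name | Format-Table -AutoSize

if ($templates.Name -contains $TemplateName) {
    Write-Host "'$TemplateName' is offered by the policy server."
}
else {
    # Same condition that makes Get-Certificate fail with CRYPT_E_NOT_FOUND.
    Write-Warning "'$TemplateName' is not returned by the policy server. Check publication on a CA reachable via CES and the template compatibility settings."
}
```

If the template is missing from the list but is published on a certification authority reachable via CES, the compatibility setting described above is the next thing to check.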