Certificate request fails with error message "The request is missing required signature policy information. 0x80094809 (-2146875383 CERTSRV_E_SIGNATURE_POLICY_REQUIRED)".

Assume the following scenario:

• A user sends a certificate request to a certificate authority.
• The certificate request fails with the following error message:

The request is missing required signature policy information. 0x80094809 (-2146875383 CERTSRV_E_SIGNATURE_POLICY_REQUIRED)
Denied by Policy Module

The Certification Authority will use the Event no. 53 log with the same error code.

Cause

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

This error occurs when the certificate template requires the certificate request to include a signature from a certificate enrollment agent (Enrollment Agent) is required, but the submitted certificate request does not contain such a requirement.

Solution

The certificate request must contain the signature of a certificate enrollment agent.

Alternatively (but in most cases not useful), the certificate template can be customized so that it no longer requires a signature.

Related links:

• Basics: Enroll on Behalf of (EOBO)

External sources

• msPKI-RA-Signature (Microsoft)