It is possible to request a certificate from a Microsoft Certificate Authority with a Web browser.
The request is usually issued to the Certificate Authority (CA) in the form of "http://CA
/certsrv" (where CA
can be the FQDN or IP address of the Certificate Authority).
When you do so, the following message may be received:
Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 53
Certificate Services denied request % because Access is denied. 0x80070005 (WIN32: 5). The request was for (Unknown Subject). Additional information: Denied by Policy Module.
If you use the Certificate Management console to request the certificate, you may receive the following error message when you start the Microsoft Management Console (MMC) snap-in:
Cannot find a Certificate Authority to Process this Request.
This behavior can occur for the following reasons:
- The Certificate Authority service is not running.
- You do not have Read and Enroll permission for the template of the certificate that you are requesting.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
When a CA is installed, domain users and domain administrators are granted Enroll access, but authenticated users are granted Read access by default. This causes problems with child and parent domains, depending on where the CA is installed. This also causes some templates not to appear in the list of available templates in a Web browser.
Article ID: 239452 - Last Review: March 1, 2007 - Revision: 2.2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server