189 questions
189 questions with Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI) tags
1 answer
Enterprise CA generates multiple CRL's
Hi! I have PKI infrastructure: Offline standalone root CA. Non Domain, windows server 2022 Online subordinate issuing enterprise CA. Domain, windows server 2022 And I see something weird: there are multiple CRLs in…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-09-16T10:24:50.1+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Евгений Котляревский
61
Reputation points
commented 2026-01-16T05:35:24.3766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 0%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Brain Storm
0
Reputation points
3 answers
One of the answers was accepted by the question author.
PKI - Certificate Templates: DACL assessment
Hi everyone, I've created a script to assess the grant on SubCA templates in the Security tab. The resulting script returns a .csv file and an .html file. Can you tell me if it's working properly for you and if it's structured and written properly? I…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-10-17T09:20:49.8066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 11%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E4%3C/text%3E%3C/svg%3E)
49885604
235
Reputation points
answered 2026-01-16T05:12:18.51+00:00
Brain Storm
0
Reputation points
1 answer
Two Identical "Computer" Templates; cannot identify which one is legacy
I'm attempting to delete a legacy "Computer" template that only has a 1024 public key. Inside certsrv.msc >> Certificate Templates this is what I see When I right-click >> Properties I get this page which is the exact same on…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-01-06T15:26:46.9633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 63%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Val3y
20
Reputation points
commented 2026-01-16T04:12:45.59+00:00
Brain Storm
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Windows Server 2025 Enterprise CA not populating User Certificate Subject DN from Active Directory
Hello. I've met a problem on my non-prod environment and cannot understand if the issue is real or I am undereducated. I've spent lot of time troubleshhoting it with Claude and still no solution. Is there a bug or my huge…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 68%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
2 answers
Windows Computers Intune joined, have intermittent disconnect to AD/ print services.
We have several windows computers joined to Intune; while communicating to a on prem DC on Server 2025. Several months before I joined, the windows computers started having issues connecting to the print servers. They will get the "unable to…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-12-15T03:09:44.5133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 37%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Jon (Admin)
0
Reputation points
answered 2025-12-15T03:53:32.9366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Harry Phan
12,275
Reputation points
Independent Advisor
2 answers
One of the answers was accepted by the question author.
How to convert subordinate Issuing CA to Enterprise CA?
Have a two tier PKI infrastructure with a (non-domain joined) Enterprise PKI and a domain joined, AD integrated issuing PKI. Certificates are used only for internal purposes. A single domain joined enterprise PKI would be sufficient and would eliminate…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-12-09T10:17:39.7266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 99%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFS%3C/text%3E%3C/svg%3E)
Franz Schenk
386
Reputation points
commented 2025-12-09T13:38:57.9633333+00:00
Franz Schenk
386
Reputation points
3 answers
One of the answers was accepted by the question author.
Certificate Template Issued from CA Server Not Showing on Client During Certificate Request
Hello, I am trying to set up ADFS from a client server that has joined the domain with an ADDS server. The ADDS server also has a CA installed. The problem is that I already created a certificate template, added "Domain Computers" in the…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-12-04T08:23:06.2266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 1%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Arya Abdul Azis
20
Reputation points
accepted 2025-12-05T09:52:40.1366667+00:00
Arya Abdul Azis
20
Reputation points
3 answers
One of the answers was accepted by the question author.
license document
We lost the license document and the CD. What should we do? We only have the backup key windows server 2022 ROK 16core invoice 4100754 @bangkok thailand
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-12-01T07:23:05.4433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 37%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
Chiraphan Thapthap
20
Reputation points
commented 2025-12-04T01:44:53.2833333+00:00
Brian Huynh (WICLOUD CORPORATION)
2,350
Reputation points Microsoft External Staff
Moderator
1 answer
Certificate Authority Migration - CDP Location #1 Unable to Download
I am following the guide published here https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/move-certification-authority-to-another-server To Migrate Certificate authority from an ancient server…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-11-20T20:50:10.2533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 47%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Justin Mattingly
0
Reputation points
commented 2025-12-04T00:53:59.4+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 26%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Kate Pham (WICLOUD CORPORATION)
430
Reputation points Microsoft External Staff
Moderator
3 answers
Cannot get OCSP working even though all certs are fine
Hi, I am creating an internal PKI service. I have got an offline RootCA and 2 standalone SubCa's. These are operational and signing certificates. I have created ocsp certs with No Rev Check & OCSP Signing OIDs added. The online responder is up and…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-11-19T13:50:38.03+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 74%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Matt Axton
5
Reputation points
answered 2025-12-01T16:46:23.64+00:00
Matt Axton
5
Reputation points
2 answers
Windows Admin Center Can't Access .local Domain After .com Cert Install
This is a new install of Admin Center. I initially installed it using the self signed cert and setup our new cluster. So I can see several servers and they are currently working as of this writing. Our domain is .local. But I installed a wildcard…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-11-04T18:08:47.92+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 31%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Joe Hinkle
0
Reputation points
edited an answer 2025-11-28T08:00:40.3+00:00
Kate Pham (WICLOUD CORPORATION)
430
Reputation points Microsoft External Staff
Moderator
2 answers
One of the answers was accepted by the question author.
SubjectAltName custom policy module in MIM CM
Hi. We are setting up a Microsoft-based smartcard issuance production system consisting of a CA server, AD server that will contain the SQL as well, and a MIM portal server. We have an old system currently running FIM 2010 (on 2008r2 servers) in a…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 82%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
4 answers
Certificate-based authentication failing for domain-joined devices
We have successfully setup Certificate Base Authentication with our Hybrid environment. Many months later we are unable to log in locally using certificates. We get 2 errors when trying to log in. Signing in with a smart card isn't supported for…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-11-05T17:48:00.7666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Anthony Montaleone
0
Reputation points
answered 2025-11-23T08:43:23.0133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 16%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VPHAN
17,970
Reputation points
Independent Advisor
8 answers
Remove old Windows 2012 R2 AD Cs and set up new in Windows 2025
I have a Windows 2012 R2 with AD CS installed. Is it possible to simply remove the feature. I plan to set up a new one in a WIndows 2025. I want to set up new as the old name is not right. Currently the AD CS in the old server is only issues certificates…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-11-03T09:56:43.64+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 19%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZA%3C/text%3E%3C/svg%3E)
Zulkefli Aris
0
Reputation points
accepted 2025-11-13T11:19:29.0433333+00:00
Zulkefli Aris
0
Reputation points
2 answers
Setting up Two CEP Services for Cross Forest Certificate Enrollment defaults to old CA
I am trying to implement a new CA to replace our old one. I had implemented the current CA, we use cross-forest cert enrollment for a trusted domain. It has been working for a long time. I have added a new CA with new certs and keys and roots. I'm…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-11-11T18:12:39.2466667+00:00
ComputerHabit
1,051
Reputation points
edited a comment 2025-11-12T14:02:59.94+00:00
ComputerHabit
1,051
Reputation points
1 answer
Strong Certificate Mapping Enforcement for offline certificate requests
Hello folks, In our corporate network 802.1X affects all devices. So far, we requested certificate for network printers using our internal CA, so we installed these certificates on our network printers. How can I add the OID 1.3.6.1.4.1.311.25.2…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 34%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
3 answers
Renew / Recreate User Certificates
We have several remote users that their user certificates have expired. We are using a single Windows Server CA. I am trying to renew or create new certificates for the users, export the certificate and send the certificate to the users. When I try to…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-11-03T15:13:54.6666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 41%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Daniel Andryszak
121
Reputation points
answered 2025-11-04T12:09:35.4333333+00:00
Harry Phan
12,275
Reputation points
Independent Advisor
1 answer
One of the answers was accepted by the question author.
I need to install an SSL certificate on a Windows Server 2022 Standard and Go Daddy wants me to choose my server type. What is the server type?
I am not an IT person and I need to install a new SSL certificate on our server. I found out we have a Microsoft Server 2022 Standard. Go Daddy wants me to choose from the below list of server types to download the certificate, but I don't know how to…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-10-30T19:50:54.5966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 19%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQC%3C/text%3E%3C/svg%3E)
QIC Christi
20
Reputation points
edited the question 2025-11-03T06:27:28.13+00:00
Kate Pham (WICLOUD CORPORATION)
430
Reputation points Microsoft External Staff
Moderator
1 answer
One of the answers was accepted by the question author.
Server Certificate Regeneration Issue
Unable to request new certificates with the same key. Purpose is for LDAPS. I noticed the certificates have not been renewed for almost 2 years. When I attempt to renew, I encounter the issue shown in the screenshot below. Can anyone shed a light as to…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-10-20T18:01:16.9866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 82%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Carlos Sanchez
20
Reputation points
accepted 2025-10-21T19:49:06.16+00:00
Carlos Sanchez
20
Reputation points
2 answers
RPC Server Unavailable (0x800706ba) when adding Certificate Template on Local CA/DC
I'm encountering an issue when trying to add a new certificate template to issue on my Certification Authority (CA) server. The CA is installed on a local server that also functions as a Domain Controller (DC) in my environment. When I navigate to…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-10-22T23:48:49.2733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 70%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Jorenzo Lucero
0
Reputation points
answered 2025-10-25T04:19:56.72+00:00
Harry Phan
12,275
Reputation points
Independent Advisor