CertEnroll::CX509Enrollment::p_CreateRequest returns error 0x800b0112

Hi all,

One of the issues we may find when trying the code in my post How to create a certificate request that uses key archival with CertEnroll (JavaScript) is the following error when creating the request: 

CertEnroll::CX509Enrollment::p_CreateRequest: A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478)

This issue can occur if the CA certificate is not in client's Enterprise NTAuth store. The local NTAuth store can be manually populated using the utility certutil.exe:

Certutil -enterprise -addstore NTAuth CaCertificate.cer

More info here:

How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)