Troubleshoot Certificate-related Problems

  • Article

Applies To: Windows Server 2008

This section lists a few common issues you may encounter when using the Certificates snap-in or working with certificates.

What problem are you having?

  • I cannot enroll for a new certificate using the Certificate Request Wizard.

  • I get a message indicating that I need to enroll for a new certificate, but the enrollment process fails.

  • I cannot enroll for a new certificate over the Web.

  • I am no longer able to use my certificate

I cannot enroll for a new certificate using the Certificate Request Wizard.

Cause: The type of certificate you are requesting is not available.

Solution: Contact your administrator.

I get a message indicating that I need to enroll for a new certificate, but the enrollment process fails.

Cause: In order for clients to receive certificates, they need to be able to contact the certification authority (CA) that will process the request.

Solution: If a CA is intended to be offline, the certificate request must be processed manually by copying it to removable media and physically carrying it to the CA for processing. Otherwise, wait until the CA is once again online and try again.

Cause: If the CA is online but enrollment still fails, it may be the autoenrollment permissions have not been configured properly.

Solution: An administrator must modify the access control list on the certificate template to grant Read, Enroll, and Autoenroll permissions for the intended recipients of the certificate.

I cannot enroll for a new certificate over the Web.

Cause: The certification authority that you are attempting to contact needs to be updated to process certificate requests from this version of Windows clients.

Solution: Contact your administrator

Cause: Enhanced Internet Explorer security prevents you from accessing the Web site associated with the CA.

Solution: Add the Web address of the CA to Trusted sites in Internet Explorer. You can locate the Security tab by clicking Internet Options on the Tools menu.

I am no longer able to use my certificate

**Cause:**The certificate has expired or is not valid for the intended purpose.

**Solution:**View the certificate to determine its expiration date. If it has expired, use the Certificate Renewal Wizard to renew the certificate. If it has not expired, verify that the certificate is valid for your desired purpose. If it is not, request a new certificate for the desired purpose.