
Error: RetrieveCertificate failed with error: No End Entity certificate found

Applies to:

Microsoft Certificate Authority and Venafi Trust Protection Platform 15.1 through 17.1

Update (November 15, 2017):

Venafi Trust Protection Platform 17.2 updated the Microsoft Certificate Authority enrollment driver so that it can support the issuance of intermediate root certificates.

See: https://support.venafi.com/hc/en-us/articles/115000336572 

Summary:

When enrolling against a Microsoft CA in Venafi, the error "RetrieveCertificate failed with error: No End Entity certificate found" occurs at stage 700.

 


 

More Info:

The error occurs when the CA template used for enrollment has the Key Usage "Certificate signing" configured. That Key Usage signifies that a certificate can sign other certificates; in other words, it is a subordinate CA certificate. For security reasons, the creation of CA certificates typically can't be an automated process and has to undergo a signing ceremony of sorts. Venafi Trust Protection Platform is not intended for the issuance and renewal of these special kinds of certificates.

 


 

Resolution:

If need be, you can download the certificate directly from the MSCA, and import it manually into Venafi Trust Protection Platform.
