Error: RetrieveCertificate failed with error: No End Entity certificate found

Applies to:

Microsoft Certificate Authority and Venafi Trust Protection Platform 15.1 through 17.1

Update (November 15, 2017):

In Venafi Trust Protection Platform 17.2, it was updated so that the Microsoft Certificate Authority enrollment driver could support the issuance of intermediate root certificates.



When enrolling against a Microsoft CA in Venafi, the error of "RetrieveCertificate failed with error: No End Entity certificate found" at stage 700. 




More Info:

The error is due to using a CA template on the CA that has the Key Usage of "Certificate signing" configured. That Key Usage signifies that a certificate has the capability of signing other certificates, or in other words, a subordinate CA. Typically the creation of CA certificates, for security reasons, can't be an automated process and has to undergo a signing ceremony of sorts. The issuance and renewal of these special kinds of certificates are not the kind that the Venafi Trust Protection Platform is intended for.





If need be, you can download the certificate directly from the MSCA, and import it manually into Venafi Trust Protection Platform.

Was this article helpful?
1 out of 1 found this helpful