Follow

Error: Certificate fails to enroll with the error: Approval is required per the Issuance Requirements of the template.

Applies To:

Venafi Trust Protection Platform 14.2 and above

Symptom:

When enrolling against a Microsoft CA, the certificate fails at stage 500 with the error:

Verify CA certificate manager approval is required per the Issuance Requirements of the template.

Screen_Shot_2015-02-06_at_14.22.57.png

Cause:

1. This is caused by either Microsoft CA or Certificate template not being configured for manager approval - specifically with certificates containing one or more Subject Alternative Names (SAN).

2. This can also happen when the certificate has a SAN on it and it should not. If you remove the SAN it in this case it should also resolve the error.

Resolution:

1. Enable the CA certificate manager approval setting:

  1. Using the Certificate Authority MMC snap-in, right-click on the CA's name and select Properties.
  2. On the Policy Module tab, click Properties button.
  3. Select Set the certificate request status to pending....
    MSCA_PolicyModule.png

 To make the change to individual templates:

  1. Using the Certificate Templates MMC snap-in, right-click on a template to be enrolled by Trust Protection Platform, and then click Properties.

  2. On the Issuance Requirements tab, select CA Certificate Manager Approval to be required for enrollment

    MSCA_Template_IssuanceRequirements__2_.png

 

Related Articles
Info: Important considerations before upgrading to Venafi Trust Protection Platform 14.2
Info: Important considerations before upgrading to Venafi Trust Protection Platform 14.3
Info: Important considerations before upgrading to Venafi Trust Protection Platform 14.4

Was this article helpful?
1 out of 2 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk