Hello,
I recently deployed an enterprise CA on server 2016. I then copied the Web Server cert template. I then edited Compatibility to Server2012R2&Win7 CA/recipient, and Algorithm to ECDH_P256 (although I noticed now that the request hash is still sha1), and set it to publish certificate in AD. I renamed the template to Web Server 2 then added it to Certificate Templates so as to publish it. Other than that I left it alone.
I then went to an IIS server to run through the Create Domain Cert Request wizard. It fails and the CA log says, "0x80094800, The request was for a certificate template that is not supported by the Active Directly Certificate Services Policy: WebServer"
I have verified that my new template appears in the CA's Certificate Templates folder.
If I publish the default Web Server template as is, all works, but I would like better than 1024 bit RSA keys. ;)
This didn't seem to have a solution ht t p s : / /social.technet.microsoft.com/Forums/windows/en-US/96016a13-9062-4842-b534-203d2f400cae/ca-certificate-request-error-denied-by-policy-module-0x80094800-windows-server-2008-standard?forum=winserversecurity
What have I missed?
Thank you