certreq -Enroll

Moonlight 176 Reputation points
2020-08-17T16:42:14.11+00:00

Hello

I tried to use the below command in order to renew certificate but i have an error (The request contains no certificate template information)

certreq -Enroll -cert certificateSerialNumber -machine Renew

How can i solve this issue?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,774 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Moonlight 176 Reputation points
    2020-08-17T20:16:09.173+00:00

    This is wrong paramter

    18054-cat2.jpg

    0 comments
  2. Vadims Podāns 9,116 Reputation points MVP
    2020-08-17T20:29:33.113+00:00

    Ok, I've just checked the certreq docs, it seems that you can't renew the certificate if it does not contain certificate template information inside. You will have to request brand new certificate based on certificate template.

    0 comments
  3. Daisy Zhou 20,791 Reputation points Microsoft Vendor
    2020-08-18T01:40:51.983+00:00

    Hello @Moonlight ,

    Thank you for posting here.

    Based on the description, I did a test in my lab.

    Renew machine certificate:

    1. Find the serial number of ths certificate and renew certificate with command below (logon the machine with domain Administrator, open CMD and run as Administrator). Check if it is the certificate we want to renew, If so, click OK button.

    certreq -enroll -machine -cert <certificateSerialNumber> renew

    For example:
    certreq -enroll -machine -cert 7a000000aa9a6f2b39229c893d0001000000aa renew

    17998-en1.png
    2. Click Next button.
    18009-en2.png
    3. Click Enroll button.
    18115-en3.png

    17999-en4.png
    4. The certificate is renewed successfully.
    18000-en5.png

    Renew user certificate:

    1. Find the serial number of ths certificate and renew certificate with command below (open CMD, do not run as Administrator):

    certreq -enroll -user -cert <certificateSerialNumber> renew

    For example:
    certreq -enroll -user -cert 7a000000ae610e95b6350f629f0001000000ae renew
    18141-en11.png
    2. Check if it is the certificate we want to renew, If so, click Next button and Enroll button.
    18087-en22.png
    3. The certificate is renewed successfully.
    18069-en33.png

    Tips:

    1. From the description, we can see, we should delete the spaces in the serial number.
    2. The command contains the incorrect synbol.
      18070-enen.png
    3. If we have more than one CA in AD environment, we should check the CA server that issue the certificate.
      18040-enen1.png

    Hope the information is helpful. If anything is unclear, please feel free to let us know.

    For more information we can refer to the link below.
    certreq
    https://video2.skills-academy.com/en-us/windows-server/administration/windows-commands/certreq_1

    Best Regards,
    Daisy Zhou

    0 comments