The mystery of “Valid existing certificate” setting in ADCS certificate templates – demystified

This is a follow-up of “Certificate renewal request is placed in pending state when Valid Existing Certificate is selected in certificate template” blog post and final nail into the subject. Let’s re-iterate the problem. ADCS Certificate Templates provide configuration for issuance requirements, which allows you to forcibly put request in pending state (no automatic issuance)…

Read More

ADCS Open Protocols specifications

Hello S-1-1-0, Today I want to talk about another area in ADCS I’m contributing to — Open Protocols specifications. Around 15 years ago, Microsoft moved toward to open source and started a new documentation branch called “Open Specifications”, where Microsoft publishes a very detailed Windows protocols specifications so third party can build compatible clients and…

Read More

Certificate renewal request is placed in pending state when Valid Existing Certificate is selected in certificate template

PKI Solutions Logo

Hello S-1-1-0, here is a new blog post in a long time. Today I want to talk about the issue when “Valid existing certificate” does not bypass CA Manager approval and/or enrollment agent requirement during certificate renewal in Microsoft CA. In certificate template settings, Issuance Requirements we can configure additional requirements for enrollment and re-enrollment…

Read More