Troubleshoot Certificate-Related Problems

Applies To: Windows 7, Windows Server 2008 R2

This section lists a few common issues you may encounter when using the Certificates snap-in or working with certificates.

What problem are you having?

  • I cannot enroll for a new certificate by using the Certificate Request Wizard.

  • I get a message indicating that I need to enroll for a new certificate, but the enrollment process fails.

  • I cannot enroll for a new certificate over the Web.

  • I am no longer able to use my certificate.

I cannot enroll for a new certificate by using the Certificate Request Wizard.

Cause: The type of certificate you are requesting is not available.

Solution: Contact your administrator.

I get a message indicating that I need to enroll for a new certificate, but the enrollment process fails.

Cause: In order for clients to receive certificates, they need to be able to contact the certification authority (CA) that will process the request.

Solution: If a CA is intended to be offline, the certificate request must be processed manually by copying it to removable media and physically carrying it to the CA for processing. Otherwise, wait until the CA is once again online and try again.

Cause: If the CA is online but enrollment still fails, autoenrollment permissions might have been configured incorrectly.

Solution: An administrator must modify the access control list on the certificate template to grant Read, Enroll, and Autoenroll permissions for the intended recipients of the certificate.

I cannot enroll for a new certificate over the Web.

Cause: The CA Web Enrollment pages on the server that you are attempting to contact need to be updated to process certificate requests from this version of Windows.

Solution: Contact your administrator.

I am no longer able to use my certificate.

Cause: The certificate has expired or is not valid for the intended purpose.

Solution: View the certificate to determine its expiration date. If it has expired, use the Certificate Renewal Wizard to renew the certificate. If it has not expired, verify that the certificate is valid for your desired purpose. If it is not, request a new certificate for the desired purpose.

Additional references