Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboard CPPM as intermediate - what template to sign csr

  • 1.  Onboard CPPM as intermediate - what template to sign csr

    EMPLOYEE
    Posted Aug 08, 2014 11:40 AM

    Hi,

     

    I'm trying to set up ClearPass for onboarding as an Intermediate CA.  I have generated the CSR, but am wondering what sort of template needs to sign this from a Microsoft CA?

     

    The error I'm getting is 'Certificate is not a CA'.

     

     



  • 2.  RE: Onboard CPPM as intermediate - what template to sign csr

    Posted Aug 31, 2014 07:43 PM

    Me too, ClearPass 6.3.

     

    I have tried with both User and Web Server templates, but got the same error: "Certificate is not a CA".



  • 3.  RE: Onboard CPPM as intermediate - what template to sign csr
    Best Answer

    EMPLOYEE
    Posted Sep 01, 2014 12:26 AM

    You need to make sure the account you use to log into the cert srv page has the correct rights. You need to request a sub CA.

     

    Here is what it should look like if you have the full admin rights.

     

    [Image: Screen Shot 2014-08-31 at 11.23.04 PM.png]



  • 4.  RE: Onboard CPPM as intermediate - what template to sign csr

    Posted Sep 01, 2014 03:32 AM

    Just to add a few thoughts in addition to what tarnold said.

     

    Make sure the user you are requesting the certificate with has the Enroll security access on the template.

    • MMC CA console -> Certificate Templates -> Right-click Sub CA Template / Properties / Security. Verify that the user you are logged in with has Enroll properties
    • If OK - try to run the browser with the Run as command to get the Domain Admin access, unless you have the rights on your user

    Make sure the template is actually Published.

    • MMC CA console -> <name-of-ca-server> -> Certificate Templates
    • Is it listed here? If not - Expand <name-of-CA> and right-click the Certificate Templates folder -> choose New / Certificate Template to Issue. Select the Subordinate CA template and click OK

     

     



  • 5.  RE: Onboard CPPM as intermediate - what template to sign csr

    Posted Sep 02, 2014 04:00 PM

    Kudos to both tarnold and jsolb. Good solution and advice.



  • 6.  RE: Onboard CPPM as intermediate - what template to sign csr

    EMPLOYEE
    Posted Oct 13, 2014 07:20 AM

    ok, finally got back round to having a go at this, and having some probs.

     

    Customer has signed the request with the subordinate template.

     

    So I click on 'Install certificate'

    [Image: clearpass-intermediate CA.jpg]

     

    And then try to import it, but it just gives this error.

     

    [Image: clearpass- ca import.jpg]



  • 7.  RE: Onboard CPPM as intermediate - what template to sign csr

    EMPLOYEE
    Posted Oct 13, 2014 07:47 AM

    ok, the original CSR was generated many weeks ago and it seems there is a timeout.

     

    I deleted the CA and then started again, and then the import worked fine.  :-)
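
A way to check an issued certificate before importing it, relating to replies 3 and 4 (an added example, not part of the original thread and not Aruba or Microsoft code): it tests for the CA flag that a Subordinate CA template sets and that User or Web Server templates do not. It assumes the "Certificate is not a CA" error reflects that missing flag; the demo certificates are constructed and self-signed, and the names `is_ca_cert`, `make_demo_cert`, `sub_ca` and `web_server` are hypothetical.

```shell
#!/bin/sh
# Added example: check that an issued certificate can act as an intermediate CA.
# Demo certificates are constructed and self-signed; profile names are hypothetical.

# Return 0 if the PEM certificate in $1 asserts CA:TRUE and, when a Key Usage
# extension is present, allows certificate signing. 1 = not a CA, 2 = unreadable.
is_ca_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' \
        | grep -q 'CA:TRUE' || return 1
    if printf '%s\n' "$text" | grep -q 'X509v3 Key Usage'; then
        printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' \
            | grep -q 'Certificate Sign' || return 1
    fi
    return 0
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed extension profiles: one CA-like, one end-entity (web server).
cat > "$demo_dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-onboard-demo
[sub_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,digitalSignature,keyCertSign,cRLSign
[web_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF

# Create a throwaway self-signed certificate using the extension profile in $1.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$demo_dir/demo.cnf" -extensions "$1" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

for profile in sub_ca web_server; do
    make_demo_cert "$profile"
    if is_ca_cert "$demo_dir/$profile.pem"; then
        echo "$profile: CA:TRUE with certificate signing, usable as an intermediate"
    else
        echo "$profile: not a CA certificate, reissue from the Subordinate CA template"
    fi
done
```

A certificate downloaded from a Microsoft CA in DER encoding needs converting first, for example with `openssl x509 -inform DER -in issued.cer -out issued.pem`, before passing it to `is_ca_cert`.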