Add New CA Templates

Certificate Templates are stored in the Active Directory so Windows CAs can share and use the certificate templates but you still need to add them to the CA

Get-CATemplate

• You need to click on your Certificate Authority -> -> Certificate Templates -> New -> Certificate Template to Issue or click Manage (manages AD Templates duplicate and modify)

revocation server was offline issues

Active Directory Certificate Services denied request 6 because The revocation function was unable to check revocation because the revocation server was offline. 0x80092013

https://learn.microsoft.com/en-us/answers/questions/339811/enable-revocation-checking-on-subordinate-ca

https://learn.microsoft.com/en-us/answers/questions/1320695/the-revocation-function-was-unable-to-check-revoca

The revocation function was unable to check revocation because the revocation server was offline

Fix - Turn on rootca1 and copy *.crl files to subca(s)

scp rootca1.example.com:\Windows\System32\CertSrv\CertEnroll ./
scp CertEnroll\*.crl ica1.example.com:\Windows\System32\CertSrv\CertEnroll\

Certificate Authority (Local) and right click and start Certificate Authority service and it should come up green

You can just disable the rev check as well. This is guaranteed to work

• https://stealthpuppy.com/resolving-issues-starting-ca-offline-crl/

Ignore if offline

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE

Re-enable offline check

certutil -setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE