I am a client have no control on the server that is serving the requests.
When I send my CSR to that server it answers me by this answer
unable to submit and sign the csr in zatca side, caused : Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: PREZATCA-Code-Signing
zatca = is the organization that has the server
This is my configuration that i used it to generate the CSR:
oid_section = OIDs
[ OIDs ]
certificateTemplateName= 1.3.6.1.4.1.311.20.2
[ req ]
default_bits = 2048
emailAddress = mmkkjjmm55555@email.com
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C=SA
OU=3111902937
organizationIdentifier=311190293700003
O=ShaEk
CN=127.0.0.1
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:PREZATCA-Code-Signing
subjectAltName = dirName:alt_names
[alt_names]
SN=1-Device|2-234|3-gsgsgs
UID=311190293700003
title=1000
registeredAddress=Zatca 12
businessCategory=Food Business3
It is a data of a store to be able to send e-invoices.
What I tried:
I searched about this error but all of the answers that I found are talking about how to solve this problem for the server side.
Is there any ability to solve this problem from my side, or can I do something to solve it ?
Thanks.
Error says that certificate template PREZATCA-Code-Signing isn't supported by CA. You have either, add this template to CA, or use another certificate template that is supported by CA and accepts subject information from request.
BTW, you are using Microsoft AD CS CA and it will ignore (overwrite) some certificate extensions you defined in request, such as: Enhanced Key Usages, Key Usages and Basic Constraints.