Carol Bailey hits another home run with her post yesterday on resolving a couple of Certreq errors involving Key Size and User Permissions, specifically:
The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375) Denied by Policy Module.
The permissions on the certificate template do not allow the current user to enroll for this type of certificate. 0x80094012 (-2146877422) Denied by Policy Module.
In case you missed it, I have her intro and a link below:
I’ve openly admitted that I don’t find the command-line utility, Certreq.exe, the easiest of the Certificate Services methods to use when it comes to deploying certificates for Configuration Manager native mode. But to some extent I made my peace with Certreq and started to recommend it when the later versions of Web enrollment no longer allowed installing certificates into the computer store. I always recommend installing directly into the computer store rather than installing into the user store and then exporting the certificate – because apart from the extra admin overheads, this workaround requires that the private key is exportable, which is not advisable for security reasons. Using Certreq.exe to request a certificate means that you can install directly into the computer store by using the parameter MachineKeySet = True.
To continue reading see Resolving Certreq Errors: Key Size and User Permissions
J.C. Hornbeck | Manageability Knowledge Engineer