Resolving Certreq Errors: Key Size and User Permissions


Carol Bailey hits another home run with her post yesterday on resolving a couple of Certreq errors involving Key Size and User Permissions, specifically:

The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375) Denied by Policy Module.


The permissions on the certificate template do not allow the current user to enroll for this type of certificate. 0x80094012 (-2146877422) Denied by Policy Module.

In case you missed it, I have her intro and a link below:


I’ve openly admitted that I don’t find the command-line utility, Certreq.exe, the easiest of the Certificate Services methods to use when it comes to deploying certificates for Configuration Manager native mode.  But to some extent I made my peace with Certreq and started to recommend it when the later versions of Web enrollment no longer allowed installing certificates into the computer store.  I always recommend installing directly into the computer store rather than installing into the user store and then exporting the certificate – because apart from the extra admin overheads, this workaround requires that the private key is exportable, which is not advisable for security reasons.  Using Certreq.exe to request a certificate means that you can install directly into the computer store by using the parameter MachineKeySet = True.

To continue reading see Resolving Certreq Errors: Key Size and User Permissions

J.C. Hornbeck | Manageability Knowledge Engineer