0-Certificate Request Error Received After Domain Migration

    Applies to:
  • Legacy SecureAuth IdP
    Deployment model:
  • On Premises

    Description:
    After a Windows Active Directory domain migration, users attempting to enroll for an X.509v3 native certificate receive the error message "0-Certificate Request Error: Please close out your web browser and try again. If problem persists, contact help desk for assistance".


    Cause:
    Following the completion of a Windows Active Directory domain migration, users may no longer have the necessary privileges to their certificate store, preventing acceptance of a new certificate.


    Resolution: 
    To resolve this issue, perform the steps below on the impacted workstations:

    NOTE: All of the certificates in the certificate store must be deleted to resolve the 0-Certificate Request Error issue. Any certificates you wish to retain need to be exported before the instructions below are executed. For information on how to export a certificate, see the following Microsoft documents [Windows 7] [Windows XP].

    1. Navigate to the Windows User Private Key Storage directory located at %APPDATA%\Microsoft\Crypto\RSA (for roaming profiles %APPDATA%\Roaming\Microsoft\Crypto\RSA).

    2. Delete the contents of the directory inside it, which is named after the user's SID (e.g. S-1-5-21-2807450274-1270290436-441385562-1183).

    3. Ensure the permissions for the directory in step 1 are set properly for the user account.

    Once the steps above are complete, have the user try enrolling for a certificate again.
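
The steps above as a PowerShell sketch, added here as an example and not taken from SecureAuth: it lists the certificates that have private keys (so they can be exported first), reports the owner and ACL entries on the RSA directory, and deletes the contents of the SID-named directory. The function name Reset-UserRsaKeyStore is hypothetical, and the script assumes it is run as the affected user.

```powershell
# Added example. Run as the affected user on the impacted workstation.
function Reset-UserRsaKeyStore {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # SID of the account running the script.
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

    # NOTE above: list certificates with private keys so they can be exported first.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.HasPrivateKey } |
        Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize | Out-Host

    # Step 1: both locations named in the article; keep those that exist.
    $roots = @(
        (Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'),
        (Join-Path $env:APPDATA 'Roaming\Microsoft\Crypto\RSA')
    ) | Where-Object { Test-Path -LiteralPath $_ }

    foreach ($root in $roots) {
        # Step 3: report owner and whether an ACE names the current SID directly.
        $acl   = Get-Acl -LiteralPath $root
        $owner = $acl.GetOwner($sidType).Value
        $aces  = @($acl.GetAccessRules($true, $true, $sidType) |
                   Where-Object { $_.IdentityReference.Value -eq $sid })
        [pscustomobject]@{
            Path = $root; OwnerIsUser = ($owner -eq $sid)
            UserRights = ($aces.FileSystemRights -join '; ')
        } | Format-List | Out-Host
        if (-not $aces) {
            Write-Warning "No ACE names $sid on $root; review permissions (step 3)."
        }

        # Step 2: delete the contents of the SID-named directory, not the directory.
        $sidDir = Join-Path $root $sid
        if (-not (Test-Path -LiteralPath $sidDir)) { continue }
        # -Force also lists hidden or system files.
        Get-ChildItem -LiteralPath $sidDir -Force | ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete key container file')) {
                Remove-Item -LiteralPath $_.FullName -Force -Recurse
            }
        }
    }
}

Reset-UserRsaKeyStore -WhatIf   # dry run; drop -WhatIf to delete after exporting
```

A missing direct ACE is only a prompt to review step 3 by hand, since the account may hold rights through a group.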

     

     
