In this blog, I’ll show you what might be causing the message “Certificate types are not available” when you request a certificate through your local Microsoft Server CA (ADCS). If you run into an error when requesting a new certificate, you want to fix it as soon as possible.
One problem I have experienced many times myself is that when you try to request a certificate you get the message “Certificate types are not available”. The cause of this can have several reasons such as: No permissions, Expired certificates and more.
When you check the “Show all templates” box the certificate templates will appear with the status “Unavailable”. You will also notice an error message
I will try to add more issues and solutions over time. Please let me know if you have encountered an error and have a solution for that issue.
Error: This type of certificate can be issues only to a computer/user
These errors are probably caused by openening the certificates snap-in with the wrong account. Try to reopen with the correct account.
Error: You don’t have permission to request this type of certificate
You don’t have the permissions to enroll the certificate. On the CA server Rightclick Certificate Templates and select “manage” to open the “Certificate Tempales Console”. Select the properties of the template and select “Security”. Select the Enroll allow box.
Error: A valid certification authorithy (CA) cannot be located
This can have multiple causes. When this error occurs with a new certificate server check if the root certificate of the PKI has been installed on the computer where you try to request a certificate. The certificate should be in the “Trusted Root Certificates Authorities” store of the local computer.
I hope this post is helpfull. Please let me know if you have tips or additions to this list.