I am getting an "access is denied" message when attempting to use the certreq from the commandline.
TLDR; I am a domain admin, and a local admin on the machine (inherited). I am using an elevated session of the command prompt. I have searched the internet, and seemingly the only thing helpful was to make sure that admins have full control over C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
.
I did that, and I am still getting permission denied, even after a reboot.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
, in fact modifying the permissions of that folder, could be connected to the behavior you describe.certreq -enroll
is very different fromcertreq -sign
for example. You can have access denied to in/out files, the keystores, the CA server, or the particular template.