Autorenew not working when setting up key based renewal - Cep/CES

Solution 1:

Based on your comments, the behavior you face is expected. Client doesn't have Autoenroll permissions on certificate template in foreign forest.

Since you can enroll and renew certificates manually, you can go to CA server (or ask PKI admin to do this) and look for identity used to authenticate your request (Requester Name column). This user account must be granted Autoenroll permissions or add to a global or universal group that has appropriate permissions on that template. Then delete local policy cache and run certutil -pulse to trigger autoenrollment and attempt to renew the certificate.

Note that if there is more fresh certificate based on same template, autoenrollment won't renew it until 80% of certificate lifetime is passed or template major revision is updated.

How do I report an Ansible command/shell task as changed in check mode?

Aws S3 encryption. Why use it?

Copying files to remote server failed

how to replace all occurrences of a string inside tags <> using regex in java

Find largest element in matrix and its column and row indexes using SSE and AVX

How can we define Script Scope in javaScript, how it is different from block scope [duplicate]

Db2 rollforward "to end of backup" vs. "to end of logs"?

What parts of a URL are protected by TLS? [duplicate]

What is wrong with this code. Why can't I use SqlConnection?

Is it possible to receive image as a response in postman using spring boot + rest API. Or is there any other method using anything else? [duplicate]

Dynamic multi level hierarchy JSON to Java Pojo. Re-use for multiple projects

scala annotation argument needs to be constant but final val does not make it