Hi all,
One of the issues we may find when trying the code in my post How to create a certificate request that uses key archival with CertEnroll (JavaScript) is the following error when creating the request:
CertEnroll::CX509Enrollment::p_CreateRequest: A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478)
This issue can occur if the CA certificate is not in client's Enterprise NTAuth store. The local NTAuth store can be manually populated using the utility certutil.exe:Certutil -enterprise -addstore NTAuth CaCertificate.cer
More info here:
How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store
I hope this helps.
Regards,
Alex (Alejandro Campos Magencio)
If the requests fails and I try and run it again. It fails because objPrivateKey exists. How can I delete the key?