Skip to main content

0-Certificate Request Error

Symptom

When enrolling for a native X.509v3 certificate, users receive the error message "0-Certificate Request Error: Please close out your web browser and try again. If problem persists, contact help desk for assistance"

Cause

A 0-Certificate Request Error can be caused by the following issues:

1. If the clock is off by five minutes or more the appliance may be unable to retrieve the certificate from the SecureAuth cloud

2. The private key has become corrupt and the browser is unable to access it

3. The realm is configured to deliver a machine key and the user profile does not have the necessary privileges to place that key into the certificate store

4. After a domain migration the users profile does not have the necessary privileges to access the certificate store

5. Internet Explorer shows this error because the domain isn't trusted

Resolution

1. To verify the time on your appliance and, if necessary configure NTP, see the Microsoft support document Set the Clock

2. To resolve the private key issue, see Private Key Corruption - SecureAuth Error Code 0 error cleanup

3. To resolve the machine key issue, either assign the necessary privileges to the users Active Directory profile or configure the realm to only assign a personal certificate (Workflow > Product Configuration > IE/ PFX / Java Cert Type)

4. To resolve the domain migration issue, see 0-Certificate Request Error Received After Domain Migration

5. To resolve the IE domain trust issue, add the domain to Tools/Options/Security under Local Intranet/Sites or Trusted Sites