A wider vulnerability scan picked up that we had self signed certificates on our Dell iDRAC’s (Dell Remote Access Controller). But also highlighted that the certificates keys were too small. So that meant in order to resolved the issue we must issue our own certificates and ensure they are the right key size.
This would normally be fairly straight forward. Use the Web UI to generate a CSR and then submit that to the CA. Then just upload the issued certificate to the Web UI and all is done. However, when we submitted the CSR the CA responded with an “Denied by Policy Module” error.
In the CA servers
Application event log we see Event ID: 53
Active Directory Certificate Services denied request 78050 because The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375 CERTSRV_E_KEY_LENGTH). The request was for E=root@localhost, CN=DRAC.domain.local, OU=My OU, O=My Organisation, L=Any Town, S=Some County, C=UK. Additional information: Denied by Policy Module