Windows PKI CA: "The certificate has invalid policy"

When you try to issue a new certificate on a Windows client, this might not work and you get the following error: The certificate has invalid policy. 0x800b0113 (CERT_E_INVALID_POLICY) The root cause of this is that the issuing CA has restricted the issuance policies you can use. If you have created a certificate template that uses a policy that is not allowed, you will get that error message. There is a quick and dirty method to get rid of this error (but it also makes your CA a bit more Read more [...]