Hello, I have a problem of generating SSL cert for form based authentication. My environment is as follows: PC A --> acts as DC, domain=example.com PC B --> where ms exchange 2003 and cert authority is installed, configured to be the member of domain=example.com I have tested OWA without form-based auth and now would like to enable form based authentication. I followed the steps outlined in http://www.msexchange.org/tutorials/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html, but I was unable to generate the SSL cert with the following error logged in event viewer: "Certificate Services denied request 4 because Access is denied. 0x80070005 (WIN32: 5). The request was for C=xx, S=xxx, L=xxx, O=xxx, OU=xx, CN=xxx.xx.x. Additional information: Denied by Policy Module I have googled and followed the instruction from this site: http://support.microsoft.com/default.aspx?scid=kb;en-us;281271 but the problem persists ! The only step I was unsure is from the instruction is: "Set permissions on the applicable certificate templates to allow users in the child domain to enroll. (NOTE: You must be logged onto the root domain with domain administrator rights.). I'm not sure which template's permission that I should modify and anyway, I'm unable to set any modification to the permission (I have permission to view only which is weird because I logged in as administrator !). This is strange ! I was able to generate cert and have form-based authentication working before. But a few days ago, I had to reinstall my AD & exchange server due to AD crash. After that, I was unable to generate ssl cert. I really have no idea why ssl cert generation which was working before now failed...Any idea guys how to trace the source of problem ? Thanks !