I created a certificate request using certreq.exe and the prerequisite
request.info on a Windows Server 2012R2 DC--references and details given
below.
However, I receive the error "Sorry, your request is not submitted. The
reason is "Invalid Request." when attempting to submit "Manual Server
Certificate Enrollment" it to my Root CA.
Am I using the wrong template profile? Is there a template that supports
OID=1.3.6.1.5.5.7.3.1?
Currently using PKI/Dogtag 10.3, but I did update to 10.4, briefly, then
recovered from snap/backup to 10.3 for the error persisted with 10.4.
These are my primary references:
https://support.microsoft.com/en-us/help/321051/how-to-
enable-ldap-over-ssl-with-a-third-party-certification-authority
https://technet.microsoft.com/en-us/library/ff625722(v=ws.
10).aspx#BKMK_Certreq
Created the CSR by executing "certreq -new request.inf request.csr"
The request.inf follows:
========================================
[Version]
Signature="$Windows NT$
[NewRequest]
Subject = "CN=ad.winauth.mydomain.net"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[Extensions]
2.5.29.17 = "dns=ad.winauth.mydomain.net&"
_continue_ = "dn=CN=AD,OU=Domain
Controllers,DC=winauth,DC=mydomain,DC=net&"
_continue_ = "ipaddress=192.168.1.1&"
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
========================================