I created a certificate request using certreq.exe and the prerequisite request.inf on a Windows Server 2012R2 DC; references and details are given below.

However, I receive the error "Sorry, your request is not submitted. The reason is "Invalid Request."" when attempting to submit it to my Root CA using "Manual Server Certificate Enrollment".

Am I using the wrong template profile? Is there a template that supports OID=1.3.6.1.5.5.7.3.1?


I am currently using PKI/Dogtag 10.3. I did update to 10.4 briefly, then recovered from snap/backup to 10.3 because the error persisted with 10.4.


These are my primary references:

https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority

https://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx#BKMK_Certreq

Created the CSR by executing "certreq -new request.inf request.csr"

The request.inf follows:

========================================
[Version]

Signature="$Windows NT$"

[NewRequest]
Subject = "CN=ad.winauth.mydomain.net"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[Extensions]
2.5.29.17 =  "dns=ad.winauth.mydomain.net&"
_continue_ = "dn=CN=AD,OU=Domain Controllers,DC=winauth,DC=mydomain,DC=net&"
_continue_ = "ipaddress=192.168.1.1&"

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
========================================