On Tue, Oct 17, 2017 at 02:21:41PM -0700, Richard Harmonson wrote:
I created a certificate request using certreq.exe and the prerequisite
request.inf on a Windows Server 2012 R2 DC -- references and details are given
below.
However, I receive the error 'Sorry, your request is not submitted. The
reason is "Invalid Request."' when attempting to submit it via "Manual Server
Certificate Enrollment" to my Root CA.
Am I using the wrong template profile? Is there a template that supports
OID=1.3.6.1.5.5.7.3.1?
Yes, this OID is configured in the server certificate profile. You
don't need to include it in the CSR (but it doesn't hurt).
There is something about the request that Dogtag does not like.
Could you attach the CSR itself and/or the relevant portion of the
/var/log/pki/pki-tomcat/ca/debug log file?
Thanks,
Fraser
Currently using PKI/Dogtag 10.3, but I did update to 10.4 briefly, then
recovered from snap/backup to 10.3, since the error persisted with 10.4.
These are my primary references:
https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority
https://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx#BKMK_Certreq
Created the CSR by executing "certreq -new request.inf request.csr"
The request.inf follows:
========================================
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=ad.winauth.mydomain.net"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0 ; digitalSignature (0x80) | keyEncipherment (0x20)
[Extensions]
; 2.5.29.17 = subjectAltName: dNSName, directoryName and iPAddress entries
2.5.29.17 = "dns=ad.winauth.mydomain.net&"
_continue_ = "dn=CN=AD,OU=Domain Controllers,DC=winauth,DC=mydomain,DC=net&"
_continue_ = "ipaddress=192.168.1.1&"
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
========================================
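As an added example (not part of the thread, and not Dogtag's or certreq's own code), the script below builds the OpenSSL equivalent of the request.inf quoted above and then inspects the resulting PKCS#10 with the checks worth making before a CSR goes to the CA: the file is plain text with a PEM header, the self-signature verifies, and the decoded request really carries the serverAuth EKU, the 0xa0 key usage and all three SAN entries. The same inspection functions can be pointed at the request.csr that certreq wrote, to compare it against a known-good request. The work directory and file names are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread or from Dogtag/certreq: OpenSSL
# equivalent of the certreq request.inf, plus checks to run on any CSR before
# submitting it. Work directory and file names are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"
CSR="$WORK/request.csr"

# OpenSSL config mirroring [NewRequest]/[Extensions]/[EnhancedKeyUsageExtension]:
# KeyUsage 0xa0 = digitalSignature (0x80) | keyEncipherment (0x20),
# EKU 1.3.6.1.5.5.7.3.1 = serverAuth, SAN with dNSName, directoryName, iPAddress.
write_config() {
    cat > "$WORK/req.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
req_extensions = ext

[ dn ]
CN = ad.winauth.mydomain.net

[ ext ]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @san

[ san ]
DNS.1 = ad.winauth.mydomain.net
dirName.1 = dc_dn
IP.1 = 192.168.1.1

[ dc_dn ]
CN = AD
OU = Domain Controllers
0.DC = winauth
1.DC = mydomain
2.DC = net
EOF
}

# Generate a 2048-bit RSA key (certreq's KeyLength = 2048) and the CSR.
make_csr() {
    write_config
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$WORK/key.pem" -out "$CSR" -config "$WORK/req.cnf" 2>/dev/null
}

# True when the file contains no NUL bytes: a UTF-16 file from a Windows tool
# is not something a PEM-expecting web form or CLI can parse.
csr_is_text() {
    [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq "$(wc -c < "$1" | tr -d ' ')" ]
}

# The self-signature on the PKCS#10 verifies (a CA checks this as well).
csr_verify() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# The decoded request contains the given text, e.g. "TLS Web Server Authentication".
csr_has() {
    openssl req -in "$1" -noout -text 2>/dev/null | grep -q -- "$2"
}

# Print the PEM header and tick off every extension the request.inf asked for.
report() {
    printf 'header: %s\n' "$(head -n 1 "$1")"
    for want in "TLS Web Server Authentication" "Digital Signature, Key Encipherment" \
                "DNS:ad.winauth.mydomain.net" "IP Address:192.168.1.1" "DirName:"; do
        if csr_has "$1" "$want"; then printf 'ok      %s\n' "$want"
        else printf 'MISSING %s\n' "$want"; fi
    done
}

make_csr
csr_is_text "$CSR"
csr_verify "$CSR"
report "$CSR"
```

To inspect the certreq output instead, set CSR to the path of the Windows-generated request.csr and call csr_is_text, csr_verify and report on it; a MISSING line or a header other than a CERTIFICATE REQUEST PEM block narrows down what the CA is objecting to.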