none
Error while generating CSR using MMC RRS feed

  • Question

  • Hi 

    I am using my local administrator account and trying to generate a custom CSR with a Key Size of 2048 and I got the following errors when clicking the private key tab.

    "One or more of the object's properties are missing or invalid"

    As I assumed the missing properties are referring to the other tabs (General,Subject,Extensions tab), I did tried to fill up all necessary options before clicking the private key tab but it still shows this error.

    May I know how can I solved this issue as I can't find any solutions ? I did check events log but do not have error related to this errors.

    Thanks in advance

    • Edited by LearningPKI Sunday, October 21, 2018 9:40 AM
    Sunday, October 21, 2018 9:35 AM

All replies

  • Hi,

    Thanks for posting in our forum.

    The CSR must contain a minimum of the following fields:

    Organization

    Organizational Unit

    Locality (City)

    State/Province

    Country (2 character code)

    Common Name (Fully Qualified Domain Name)

    Another possibility is that the CSR contains non-alphanumeric characters in the required fields.

    Make sure your CSR begins with 5 dashs and ends with 5 dashs as below:

    -----BEGIN NEW CERTIFICATE REQUEST-----

    -----END NEW CERTIFICATE REQUEST-----

    Also, please check for additional characters that may have been picked up by accident, possibly through cutting and pasting. Below is an example where the additional characters (the '!' and the 'space' underlined and highlighted in red) will cause a CSR decoding error. Normally, a CSR that contains characters such as '?', '@', '#', '$', '%', '^', '&' and '*' will cause issues. The only allowable non-alphanumeric character is the backslash '\'.

    Reference

    https://blogs.technet.microsoft.com/askds/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in/

    Hope above information could help.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 22, 2018 8:38 AM
    Moderator
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 26, 2018 9:26 AM
    Moderator
  • Hi Kallen,

    Thank you and apologize for the late reply, my issue was not solved yet. I did add the field that you have mention earlier but i still got the same error when clicking private key tab. Maybe I typed the exact steps I did in details.

    1) Go to MMC, Certificates (Local Computer) > Personal > Certificates > Right click and select All Tasks > Advanced Operations > Create Custom Request

    2) Click Next > Select Custom Request: Proceed without enrollment policy

    3) Click Next > Leave everything as defaults - (No Template) CNG key and PKCS#10

    4) Click Next > Under Custom request, expend Details and click Properties

    5) Under General tab, Added Friendly name and Description

    6) Under Subject tab, Added Common Name (Fully Qualified Domain Name)Country (2 character code), State/ProvinceLocality (City)Organizational Unit and Organization

    7) Under Extensions tab and filled up the Key Usage and Extended Key Usage

    8) This is when it breaks - I clicked the Private Key tab as I wanted to select 2048 key size and the following error appeared

    Error "One or more of the object's properties are missing or invalid"

    It does open the Private key tab but none of the options can be selected. The tab is essentially locked out. 

    Is there any missing steps or I did something incorrectly?

    Friday, November 9, 2018 3:39 AM
  • Hi,

    I managed to find the solution to your issue on another website.

    Apparently you have to select Legacy instead of CNG Key on step 3.

    I found this weird as Windows 10 should support CNG Key too.

    But as of now, it seems to solve the issue of not able to indicate the private key length. Hope there is a better solution to this.


    • Edited by Mistersin93 Thursday, October 3, 2019 1:53 AM
    Thursday, October 3, 2019 1:53 AM