none
Submit new request - nothing happens RRS feed

  • Question

  • Hi,

    I installed a Certification Authority on a Windows Server 2008 R2 domain member to secure Exchange 2010 "Outlook Web App" with SSL.

    I created the Certificate Request (cert.req) from the EMC "Exchange Certificates" screen, but when I use the "submit new request" function of the CA MMC, nothing happens, no error message, nothing.

    Any ideas ?


    - ThePro
    Friday, December 24, 2010 11:10 PM

Answers

  • I have checked your request file. The problem is that the file is saved in Unicode encoding which is not supported. Open file in notepad and save it in ANSI encoding.
    http://en-us.sysadmins.lv
    • Proposed as answer by Vadims PodansMVP Monday, December 27, 2010 6:08 PM
    • Marked as answer by McThePro Monday, December 27, 2010 7:19 PM
    Monday, December 27, 2010 6:08 PM

All replies

  • Now you need to copy the cert.req to the CA server web interface and download the certificate from the CA server.

     


    MCSA, MCSE, MCITP:SA, MCITP:EA, MCTS:Exchange Server 2010 Config, CCNA
    • Marked as answer by McThePro Saturday, February 25, 2012 2:00 PM
    • Unmarked as answer by McThePro Saturday, February 25, 2012 2:00 PM
    Friday, December 24, 2010 11:59 PM
  • Hi,

    I installed a Certification Authority on a Windows Server 2008 R2 domain member to secure Exchange 2010 "Outlook Web App" with SSL.

    I created the Certificate Request (cert.req) from the EMC "Exchange Certificates" screen, but when I use the "submit new request" function of the CA MMC, nothing happens, no error message, nothing.

    Any ideas ?


    - ThePro

    In the same MMC locate Issued Certificates node and ensure if your certificate was issued. Double-click on certificate, switch to Details tab a click Copyt to file button. Follow instructions, move the file to Exchange server and install it.

    > Now you need to copy the cert.req to the CA server web interface and download the certificate from the CA server.

    no, this is not correct answer. Author already submitted request to CA server.


    http://en-us.sysadmins.lv
    Saturday, December 25, 2010 8:42 AM
  • In the same MMC locate Issued Certificates node and ensure if your certificate was issued.

    There nothing in the "Issued certificate" screen, neither in "Pending requests" nor "Failed Requests"

     


    - ThePro
    Saturday, December 25, 2010 3:30 PM
  • try to perform the same operation, but from command line:

    certreq -submit requestfile.req

    In the opened dialog box select required CA server and check for any messages.


    http://en-us.sysadmins.lv
    • Proposed as answer by jtondt Saturday, February 25, 2012 2:58 AM
    Saturday, December 25, 2010 4:29 PM
  • The error message is:

    Active Directory Enrollment Policy
      {04D0DAAD-B09E-4083-AF37-4D6131C40066}
      ldap:
    Certificate not issued (Incomplete)

    Thanks for your help !


    - ThePro
    Saturday, December 25, 2010 5:15 PM
  • Can you show us the output of the following command:

    certutil -dump requestfile.req

    it is probably that certificate request is missing Certificate Template information. If so, make sure if appropriate template is assigned to CA server (for example, WebServer template) and submit request as follows:

    certreq -submit -attrib "CertificateTemplate:WebServer" requestfile.req


    http://en-us.sysadmins.lv
    Saturday, December 25, 2010 5:33 PM
  • Here is the output:

    ------

    PKCS10 Certificate Request:
    Version: 1
    Subject:
        C=CA
        S=Quebec
        L=Saguenay
        O=Grimard
        OU=Head office
        CN=exchange.grimard.ca

    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
        Algorithm Parameters:
        05 00
    Public Key Length: 2048 bits
    Public Key: UnusedBits = 0
        0000  30 82 01 0a 02 82 01 01  00 d8 c7 65 6d 06 37 dd
        0010  13 dc 04 92 c4 0f b5 c2  1c 53 7f dc 5f 85 11 c6
        0020  90 eb 9d a4 09 a8 ae e7  25 38 07 66 b7 bc 74 1b
        0030  a1 ce 6b e1 be 83 aa fa  5d 28 a7 ee 30 44 08 52
        0040  6a ae 09 6b 07 a4 cc 45  2b 4b 36 0e 2f a1 df ed
        0050  45 c3 b1 77 1f f9 11 7d  88 6f ca a8 1e 18 31 d0
        0060  90 cb 1d 85 62 7d 88 2b  11 9c 3d b6 7a 5a 90 a1
        0070  48 3e 73 e2 69 cc 13 79  ae 3a 0f d8 dd ff 78 6d
        0080  41 43 e9 1a 92 41 0a ad  aa f4 2a bd 9b c0 94 bd
        0090  b3 ce de b0 6c c6 54 70  a3 b2 a5 4f 9f 17 39 8b
        00a0  03 b8 b4 0a ff 6d d4 48  35 86 22 75 2e 79 ea 52
        00b0  55 34 56 7c 42 55 b8 9b  49 5d 16 89 d6 f5 f1 51
        00c0  dc c0 bc 4d 35 d2 ed 6a  0b 8f 6a 1b 85 0b 55 02
        00d0  65 6a 4d d9 53 17 6e 97  73 b5 65 4b b6 45 8a 3b
        00e0  52 5d 9f ea 4e e0 80 5e  48 e5 f3 89 f3 b8 6c ca
        00f0  fd 53 25 82 9c fd f9 20  25 60 86 d6 7f 12 12 06
        0100  76 1d 1a 64 78 7e 47 c7  33 02 03 01 00 01
    Request Attributes: 4
      4 attributes:

      Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
        Value[0][0]:
            6.1.7600.2

      Attribute[1]: 1.3.6.1.4.1.311.21.20 (Client Information)
        Value[1][0]:
        Unknown Attribute type
        Client Id: = 5
        ClientIdDefaultRequest -- 5
        User: GRIMARD\EXCHANGE3$
        Machine: EXCHANGE3.grimard.ca
        Process: Microsoft.Exchange.ServiceHost.exe

      Attribute[2]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
        Value[2][0]:
        Unknown Attribute type
        CSP Provider Info
        KeySpec = 1
        Provider = Microsoft RSA SChannel Cryptographic Provider
        Signature: UnusedBits=0

      Attribute[3]: 1.2.840.113549.1.9.14 (Certificate Extensions)
        Value[3][0]:
        Unknown Attribute type
    Certificate Extensions: 4
        2.5.29.15: Flags = 1(Critical), Length = 4
        Key Usage
            Digital Signature, Key Encipherment (a0)

        2.5.29.17: Flags = 0, Length = 30
        Subject Alternative Name
            DNS Name=exchange.grimard.ca
            DNS Name=autodiscover.grimard.ca

        2.5.29.19: Flags = 1(Critical), Length = 2
        Basic Constraints
            Subject Type=End Entity
            Path Length Constraint=None

        2.5.29.14: Flags = 0, Length = 16
        Subject Key Identifier
            28 94 a3 60 f9 9f 98 2e 0a bc fd 45 23 c1 98 17 43 a3 83 ac

    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
        Algorithm Parameters:
        05 00
    Signature: UnusedBits=0
        0000  3c 9b 96 b5 f6 e7 9d c6  ec 57 a8 68 2f 32 af 66
        0010  40 75 30 ea fd 22 d3 1b  50 b2 84 50 37 d9 91 85
        0020  5a 71 a5 67 fb 88 4b fd  4a e3 c0 1d 06 c9 41 02
        0030  86 ce 1e ca 8b 63 ed 69  8b 97 d4 7d 20 f3 f2 59
        0040  7d 1a fa 1c fd 61 a5 77  c9 b1 4a 25 e7 4c 89 74
        0050  7a 21 06 80 7a 53 8d 53  84 25 99 cd 9e 2b 09 ae
        0060  35 81 06 86 e0 8e 61 cb  ee b3 d6 20 72 3e c0 a3
        0070  01 9e 73 c3 ef 4c 25 d1  03 ec 00 76 8e 3b fb 76
        0080  b0 60 88 a8 d3 65 0d 62  64 f7 39 28 bc 46 3c 7d
        0090  6e 36 ca 8e f9 59 e9 3b  b2 12 a3 51 e9 24 31 95
        00a0  2b 10 e5 49 3d 96 f4 d5  00 d0 65 ef 23 fe 86 91
        00b0  ee 28 4f 03 c8 ca 5c 3c  28 9c c5 8a b2 2b 8a 7a
        00c0  ff 8e 84 25 8d 20 2e b1  39 e8 99 bb 76 5c 1f b1
        00d0  2d df da 32 22 11 1d 96  24 b8 8a 4a a4 a4 0c e0
        00e0  09 07 12 61 d3 a5 0e 42  f4 5a 0e 68 86 b2 20 a9
        00f0  a2 58 4a fa 22 40 ea e0  75 81 20 c9 ec 68 21 7d
    Signature matches Public Key
    Key Id Hash(rfc-sha1): 28 94 a3 60 f9 9f 98 2e 0a bc fd 45 23 c1 98 17 43 a3 83
    ac
    Key Id Hash(sha1): 22 90 54 cf 72 8b cb 5f ec f9 91 a4 82 f0 bc 5a 0e 14 44 6e
    CertUtil: -dump command completed successfully.

    ------


    - ThePro
    Saturday, December 25, 2010 5:36 PM
  • As I assumed, Certificate Template extension is missing. In addition your request contains Subject Alternative Name extension. By default Windows CA don''t allow this extension for templates where subject is constructed from request information. Run the following commands on the CA server:

    certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
    net stop certsvc
    net start certsvc

    make sure if appropriate template is assigned to CA server (for example, WebServer template) and submit request as follows:

    certreq -submit -attrib "CertificateTemplate:WebServer" requestfile.req


    http://en-us.sysadmins.lv
    Saturday, December 25, 2010 6:00 PM
  • Thanks.

    I ran these steps, but I still have the same error message. How do I select which template to use ?


    - ThePro
    Saturday, December 25, 2010 6:40 PM
  • This command parameter: -attrib "CertificateTemplate:WebServer" will specify template name.
    http://en-us.sysadmins.lv
    Saturday, December 25, 2010 9:18 PM
  • My question was: how do I know if "WebServer" is the right template for an Exchange server ?

    Thanks again.


    - ThePro
    Monday, December 27, 2010 12:57 PM
  • Exchange server requires server authentication certificate, so Outlook clients are able to communicate with Exchange over HTTPS (SSL). Server certificate guarantees that Outlook is connected to right server. Default WebServer template met all those requirements for Exchange server.
    http://en-us.sysadmins.lv
    Monday, December 27, 2010 2:08 PM
  • Ok, but I still get:

    Active Directory Enrollment Policy
      {04D0DAAD-B09E-4083-AF37-4D6131C40066}
      ldap:
    Certificate not issued (Incomplete)


    - ThePro
    Monday, December 27, 2010 2:12 PM
  • can you send me a copy of the request file (vpodans&sysadmins.lv)? Replace & with @.
    http://en-us.sysadmins.lv
    Monday, December 27, 2010 2:47 PM
  • I have checked your request file. The problem is that the file is saved in Unicode encoding which is not supported. Open file in notepad and save it in ANSI encoding.
    http://en-us.sysadmins.lv
    • Proposed as answer by Vadims PodansMVP Monday, December 27, 2010 6:08 PM
    • Marked as answer by McThePro Monday, December 27, 2010 7:19 PM
    Monday, December 27, 2010 6:08 PM
  • Problem solved. Thank you very much.
    - ThePro
    Monday, December 27, 2010 7:20 PM
  • Vadims is correct that the Windows Certificate Authority MMC Admin snap-in (i.e. right click on CA's name node | All Tasks | Submit new request) does not support a certificate request file (*.req) saved in Unicode encoding. You'll have to convert its encoding to ANSI so that CA Admin snap-in can utilize it. As he mentioned using NotePad one can easily convert the encoding from Unicode to ANSI.

    The 'New Exchange Certificate' wizard in Exchange 2010 does generate a certificate request file with Unicode encoding. I looked into it using instructions provided by Vadims here & in other forum posts. If you look at the original certreq file, it looks like this in NotePad:

    Now when you do: NotePad | File | Save As, in that new 'Save As' dialog box, you will see the Encoding set to Unicode for this file:

    All you need to do there is change the Encoding to ANSI, give it a new File name, like certreq1.req, change the Save as type to All Files (otherwise it will be saved as a text file by default)...

    And then you're all done.

    Keep in mind that even now after encoding conversion if you open the file in NotePad, it'll still look like as it looked before, as in screenshot pasted above.

    Another thing mentioned by Vadims is that you can use certutil to get an idea of certreq file's encoding. Certutil is a utility (certutil.exe) you'll find in Windows\System32 folder on a Windows machine. Before using the commands below I copied both files (certreq.req with Unicode Encoding & certreq1.req with ANSI Encoding) to the same \system32 folder.

    I then ran the following command on certreq.req file which has Unicode Encoding. Notice the output here, not easy to understand.

    C:\WINDOWS\system32>certutil -dump certreq.req
        0000  2d 00 2d 00 2d 00 2d 00  2d 00 42 00 45 00 47 00   -.-.-.-.-.B.E.G.
        0010  49 00 4e 00 20 00 4e 00  45 00 57 00 20 00 43 00   I.N. .N.E.W. .C.
        0020  45 00 52 00 54 00 49 00  46 00 49 00 43 00 41 00   E.R.T.I.F.I.C.A.
        0030  54 00 45 00 20 00 52 00  45 00 51 00 55 00 45 00   T.E. .R.E.Q.U.E.
        0040  53 00 54 00 2d 00 2d 00  2d 00 2d 00 2d 00 0d 00   S.T.-.-.-.-.-...
        0050  0a 00 4d 00 49 00 49 00  44 00 2f 00 6a 00 43 00   ..M.I.I.D./.j.C.
        0060  43 00 41 00 75 00 59 00  43 00 41 00 51 00 41 00   C.A.u.Y.C.A.Q.A.
        0070  77 00 59 00 6a 00 45 00  51 00 4d 00 41 00 34 00   w.Y.j.E.Q.M.A.4.
        0080  47 00 41 00 31 00 55 00  45 00 41 00 77 00 77 00   G.A.1.U.E.A.w.w.
        0090  48 00 59 00 57 00 31 00  70 00 63 00 6d 00 55 00   H.Y.W.1.p.c.m.U.
        00a0  78 00 4e 00 44 00 45 00  52 00 4d 00 41 00 38 00   x.N.D.E.R.M.A.8.
        00b0  47 00 41 00 31 00 55 00  45 00 43 00 77 00 77 00   G.A.1.U.E.C.w.w.
        00c0  49 00 54 00 33 00 4a 00  6e 00 49 00 46 00 56 00   I.T.3.J.n.I.F.V.
        00d0  75 00 0d 00 0a 00 61 00  58 00 51 00 78 00 45 00   u.....a.X.Q.x.E.
        00e0  44 00 41 00 4f 00 42 00  67 00 4e 00 56 00 42 00   D.A.O.B.g.N.V.B.
        00f0  41 00 6f 00 4d 00 42 00  30 00 4e 00 76 00 62 00   A.o.M.B.0.N.v.b.
        0100  6e 00 52 00 76 00 63 00  32 00 38 00 78 00 44 00   n.R.v.c.2.8.x.D.
        0110  7a 00 41 00 4e 00 42 00  67 00 4e 00 56 00 42 00   z.A.N.B.g.N.V.B.
        0120  41 00 63 00 4d 00 42 00  6b 00 52 00 68 00 62 00   A.c.M.B.k.R.h.b.
        0130  47 00 78 00 68 00 63 00  7a 00 45 00 4c 00 4d 00   G.x.h.c.z.E.L.M.
        0140  41 00 6b 00 47 00 41 00  31 00 55 00 45 00 43 00   A.k.G.A.1.U.E.C.
        0150  41 00 77 00 43 00 0d 00  0a 00 56 00 46 00 67 00   A.w.C.....V.F.g.
        0160  78 00 43 00 7a 00 41 00  4a 00 42 00 67 00 4e 00   x.C.z.A.J.B.g.N.
        0170  56 00 42 00 41 00 59 00  54 00 41 00 6c 00 56 00   V.B.A.Y.T.A.l.V.
        0180  54 00 4d 00 49 00 49 00  42 00 49 00 6a 00 41 00   T.M.I.I.B.I.j.A.
        0190  4e 00 42 00 67 00 6b 00  71 00 68 00 6b 00 69 00   N.B.g.k.q.h.k.i.
        01a0  47 00 39 00 77 00 30 00  42 00 41 00 51 00 45 00   G.9.w.0.B.A.Q.E.
        01b0  46 00 41 00 41 00 4f 00  43 00 41 00 51 00 38 00   F.A.A.O.C.A.Q.8.
        01c0  41 00 4d 00 49 00 49 00  42 00 43 00 67 00 4b 00   A.M.I.I.B.C.g.K.
        01d0  43 00 41 00 51 00 45 00  41 00 0d 00 0a 00 6f 00   C.A.Q.E.A.....o.
        01e0  50 00 44 00 41 00 6a 00  36 00 35 00 75 00 7a 00   P.D.A.j.6.5.u.z.
        01f0  77 00 77 00 41 00 6a 00  4d 00 43 00 5a 00 68 00   w.w.A.j.M.C.Z.h.
        0200  73 00 4f 00 78 00 71 00  77 00 4a 00 53 00 64 00   s.O.x.q.w.J.S.d.
        0210  4a 00 4f 00 57 00 61 00  4c 00 41 00 4d 00 63 00   J.O.W.a.L.A.M.c.
        0220  4a 00 54 00 33 00 30 00  4f 00 6a 00 62 00 78 00   J.T.3.0.O.j.b.x.
        0230  35 00 64 00 31 00 5a 00  39 00 38 00 7a 00 67 00   5.d.1.Z.9.8.z.g.
        0240  73 00 37 00 58 00 34 00  45 00 4e 00 55 00 33 00   s.7.X.4.E.N.U.3.
        0250  6e 00 75 00 55 00 57 00  42 00 62 00 4b 00 0d 00   n.u.U.W.B.b.K...
        0260  0a 00 62 00 63 00 65 00  6e 00 67 00 39 00 6c 00   ..b.c.e.n.g.9.l.
        0270  56 00 36 00 41 00 56 00  32 00 54 00 4a 00 77 00   V.6.A.V.2.T.J.w.
        0280  6b 00 62 00 76 00 2b 00  64 00 32 00 69 00 76 00   k.b.v.+.d.2.i.v.
        0290  68 00 64 00 32 00 6e 00  4c 00 32 00 50 00 69 00   h.d.2.n.L.2.P.i.
        02a0  6d 00 74 00 2f 00 70 00  6a 00 72 00 61 00 77 00   m.t./.p.j.r.a.w.
        02b0  72 00 4a 00 49 00 37 00  6a 00 4b 00 65 00 37 00   r.J.I.7.j.K.e.7.
        02c0  4e 00 46 00 34 00 32 00  75 00 62 00 64 00 46 00   N.F.4.2.u.b.d.F.
        02d0  71 00 47 00 4c 00 50 00  63 00 48 00 70 00 73 00   q.G.L.P.c.H.p.s.
        02e0  63 00 0d 00 0a 00 61 00  61 00 53 00 52 00 39 00   c.....a.a.S.R.9.
        02f0  4d 00 77 00 2f 00 4f 00  72 00 72 00 79 00 6f 00   M.w./.O.r.r.y.o.
        0300  65 00 49 00 68 00 4d 00  67 00 30 00 55 00 51 00   e.I.h.M.g.0.U.Q.
        0310  31 00 42 00 4e 00 66 00  6a 00 4a 00 46 00 6f 00   1.B.N.f.j.J.F.o.
        0320  74 00 43 00 79 00 7a 00  76 00 32 00 2b 00 52 00   t.C.y.z.v.2.+.R.
        0330  67 00 47 00 7a 00 59 00  62 00 36 00 30 00 4c 00   g.G.z.Y.b.6.0.L.
        0340  46 00 76 00 53 00 58 00  59 00 65 00 41 00 57 00   F.v.S.X.Y.e.A.W.
        0350  54 00 39 00 46 00 47 00  67 00 56 00 68 00 78 00   T.9.F.G.g.V.h.x.
        0360  73 00 6a 00 34 00 0d 00  0a 00 35 00 44 00 57 00   s.j.4.....5.D.W.
        0370  41 00 37 00 37 00 37 00  79 00 47 00 6b 00 65 00   A.7.7.7.y.G.k.e.
        0380  57 00 48 00 4b 00 6d 00  45 00 37 00 71 00 44 00   W.H.K.m.E.7.q.D.
        0390  2b 00 6e 00 76 00 31 00  6b 00 36 00 6c 00 6f 00   +.n.v.1.k.6.l.o.
        03a0  53 00 57 00 48 00 5a 00  52 00 41 00 49 00 71 00   S.W.H.Z.R.A.I.q.
        03b0  37 00 7a 00 42 00 54 00  32 00 70 00 6b 00 36 00   7.z.B.T.2.p.k.6.
        03c0  50 00 66 00 69 00 79 00  68 00 74 00 58 00 72 00   P.f.i.y.h.t.X.r.
        03d0  54 00 57 00 52 00 4d 00  46 00 69 00 53 00 57 00   T.W.R.M.F.i.S.W.
        03e0  43 00 51 00 45 00 56 00  72 00 0d 00 0a 00 31 00   C.Q.E.V.r.....1.
        03f0  58 00 66 00 63 00 72 00  32 00 44 00 73 00 52 00   X.f.c.r.2.D.s.R.
        0400  77 00 6a 00 64 00 4e 00  39 00 43 00 36 00 54 00   w.j.d.N.9.C.6.T.
        0410  7a 00 68 00 2f 00 38 00  76 00 4c 00 4b 00 4c 00   z.h./.8.v.L.K.L.
        0420  49 00 45 00 4a 00 48 00  52 00 65 00 63 00 47 00   I.E.J.H.R.e.c.G.
        0430  6d 00 45 00 34 00 76 00  2f 00 43 00 38 00 4a 00   m.E.4.v./.C.8.J.
        0440  69 00 69 00 66 00 79 00  34 00 79 00 36 00 38 00   i.i.f.y.4.y.6.8.
        0450  66 00 4a 00 32 00 77 00  66 00 55 00 42 00 65 00   f.J.2.w.f.U.B.e.
        0460  66 00 43 00 61 00 47 00  30 00 42 00 75 00 0d 00   f.C.a.G.0.B.u...
        0470  0a 00 78 00 4b 00 49 00  63 00 55 00 4c 00 6b 00   ..x.K.I.c.U.L.k.
        0480  79 00 7a 00 36 00 76 00  2f 00 6f 00 4c 00 72 00   y.z.6.v./.o.L.r.
        0490  6c 00 4a 00 6f 00 58 00  47 00 51 00 51 00 49 00   l.J.o.X.G.Q.Q.I.
        04a0  44 00 41 00 51 00 41 00  42 00 6f 00 49 00 49 00   D.A.Q.A.B.o.I.I.
        04b0  42 00 56 00 54 00 41 00  61 00 42 00 67 00 6f 00   B.V.T.A.a.B.g.o.
        04c0  72 00 42 00 67 00 45 00  45 00 41 00 59 00 49 00   r.B.g.E.E.A.Y.I.
        04d0  33 00 44 00 51 00 49 00  44 00 4d 00 51 00 77 00   3.D.Q.I.D.M.Q.w.
        04e0  57 00 43 00 6a 00 59 00  75 00 4d 00 53 00 34 00   W.C.j.Y.u.M.S.4.
        04f0  33 00 0d 00 0a 00 4e 00  6a 00 41 00 77 00 4c 00   3.....N.j.A.w.L.
        0500  6a 00 49 00 77 00 56 00  77 00 59 00 4a 00 4b 00   j.I.w.V.w.Y.J.K.
        0510  77 00 59 00 42 00 42 00  41 00 47 00 43 00 4e 00   w.Y.B.B.A.G.C.N.
        0520  78 00 55 00 55 00 4d 00  55 00 6f 00 77 00 53 00   x.U.U.M.U.o.w.S.
        0530  41 00 49 00 42 00 42 00  51 00 77 00 51 00 51 00   A.I.B.B.Q.w.Q.Q.
        0540  55 00 31 00 4a 00 55 00  6b 00 55 00 78 00 4e 00   U.1.J.U.k.U.x.N.
        0550  43 00 35 00 69 00 61 00  58 00 6c 00 68 00 4c 00   C.5.i.a.X.l.h.L.
        0560  6d 00 4e 00 76 00 62 00  51 00 77 00 4e 00 51 00   m.N.v.b.Q.w.N.Q.
        0570  6b 00 6c 00 5a 00 0d 00  0a 00 51 00 56 00 78 00   k.l.Z.....Q.V.x.
        0580  42 00 54 00 55 00 6c 00  53 00 52 00 54 00 45 00   B.T.U.l.S.R.T.E.
        0590  30 00 4a 00 41 00 77 00  69 00 54 00 57 00 6c 00   0.J.A.w.i.T.W.l.
        05a0  6a 00 63 00 6d 00 39 00  7a 00 62 00 32 00 5a 00   j.c.m.9.z.b.2.Z.
        05b0  30 00 4c 00 6b 00 56 00  34 00 59 00 32 00 68 00   0.L.k.V.4.Y.2.h.
        05c0  68 00 62 00 6d 00 64 00  6c 00 4c 00 6c 00 4e 00   h.b.m.d.l.L.l.N.
        05d0  6c 00 63 00 6e 00 5a 00  70 00 59 00 32 00 56 00   l.c.n.Z.p.Y.2.V.
        05e0  49 00 62 00 33 00 4e 00  30 00 4c 00 6d 00 56 00   I.b.3.N.0.L.m.V.
        05f0  34 00 5a 00 54 00 42 00  71 00 0d 00 0a 00 42 00   4.Z.T.B.q.....B.
        0600  67 00 6b 00 71 00 68 00  6b 00 69 00 47 00 39 00   g.k.q.h.k.i.G.9.
        0610  77 00 30 00 42 00 43 00  51 00 34 00 78 00 58 00   w.0.B.C.Q.4.x.X.
        0620  54 00 42 00 62 00 4d 00  41 00 34 00 47 00 41 00   T.B.b.M.A.4.G.A.
        0630  31 00 55 00 64 00 44 00  77 00 45 00 42 00 2f 00   1.U.d.D.w.E.B./.
        0640  77 00 51 00 45 00 41 00  77 00 49 00 46 00 6f 00   w.Q.E.A.w.I.F.o.
        0650  44 00 41 00 63 00 42 00  67 00 4e 00 56 00 48 00   D.A.c.B.g.N.V.H.
        0660  52 00 45 00 45 00 46 00  54 00 41 00 54 00 67 00   R.E.E.F.T.A.T.g.
        0670  67 00 68 00 68 00 62 00  57 00 6c 00 79 00 0d 00   g.h.h.b.W.l.y...
        0680  0a 00 5a 00 54 00 4a 00  72 00 4e 00 34 00 49 00   ..Z.T.J.r.N.4.I.
        0690  48 00 59 00 57 00 31 00  70 00 63 00 6d 00 55 00   H.Y.W.1.p.c.m.U.
        06a0  78 00 4e 00 44 00 41 00  4d 00 42 00 67 00 4e 00   x.N.D.A.M.B.g.N.
        06b0  56 00 48 00 52 00 4d 00  42 00 41 00 66 00 38 00   V.H.R.M.B.A.f.8.
        06c0  45 00 41 00 6a 00 41 00  41 00 4d 00 42 00 30 00   E.A.j.A.A.M.B.0.
        06d0  47 00 41 00 31 00 55 00  64 00 44 00 67 00 51 00   G.A.1.U.d.D.g.Q.
        06e0  57 00 42 00 42 00 54 00  61 00 67 00 53 00 31 00   W.B.B.T.a.g.S.1.
        06f0  57 00 52 00 74 00 39 00  59 00 74 00 69 00 43 00   W.R.t.9.Y.t.i.C.
        0700  62 00 0d 00 0a 00 34 00  54 00 6a 00 47 00 71 00   b.....4.T.j.G.q.
        0710  74 00 4d 00 6f 00 44 00  75 00 42 00 4e 00 6e 00   t.M.o.D.u.B.N.n.
        0720  54 00 42 00 79 00 42 00  67 00 6f 00 72 00 42 00   T.B.y.B.g.o.r.B.
        0730  67 00 45 00 45 00 41 00  59 00 49 00 33 00 44 00   g.E.E.A.Y.I.3.D.
        0740  51 00 49 00 43 00 4d 00  57 00 51 00 77 00 59 00   Q.I.C.M.W.Q.w.Y.
        0750  67 00 49 00 42 00 41 00  52 00 35 00 61 00 41 00   g.I.B.A.R.5.a.A.
        0760  45 00 30 00 41 00 61 00  51 00 42 00 6a 00 41 00   E.0.A.a.Q.B.j.A.
        0770  48 00 49 00 41 00 62 00  77 00 42 00 7a 00 41 00   H.I.A.b.w.B.z.A.
        0780  47 00 38 00 41 00 0d 00  0a 00 5a 00 67 00 42 00   G.8.A.....Z.g.B.
        0790  30 00 41 00 43 00 41 00  41 00 55 00 67 00 42 00   0.A.C.A.A.U.g.B.
        07a0  54 00 41 00 45 00 45 00  41 00 49 00 41 00 42 00   T.A.E.E.A.I.A.B.
        07b0  54 00 41 00 45 00 4d 00  41 00 61 00 41 00 42 00   T.A.E.M.A.a.A.B.
        07c0  68 00 41 00 47 00 34 00  41 00 62 00 67 00 42 00   h.A.G.4.A.b.g.B.
        07d0  6c 00 41 00 47 00 77 00  41 00 49 00 41 00 42 00   l.A.G.w.A.I.A.B.
        07e0  44 00 41 00 48 00 49 00  41 00 65 00 51 00 42 00   D.A.H.I.A.e.Q.B.
        07f0  77 00 41 00 48 00 51 00  41 00 62 00 77 00 42 00   w.A.H.Q.A.b.w.B.
        0800  6e 00 41 00 48 00 49 00  41 00 0d 00 0a 00 59 00   n.A.H.I.A.....Y.
        0810  51 00 42 00 77 00 41 00  47 00 67 00 41 00 61 00   Q.B.w.A.G.g.A.a.
        0820  51 00 42 00 6a 00 41 00  43 00 41 00 41 00 55 00   Q.B.j.A.C.A.A.U.
        0830  41 00 42 00 79 00 41 00  47 00 38 00 41 00 64 00   A.B.y.A.G.8.A.d.
        0840  67 00 42 00 70 00 41 00  47 00 51 00 41 00 5a 00   g.B.p.A.G.Q.A.Z.
        0850  51 00 42 00 79 00 41 00  77 00 45 00 41 00 4d 00   Q.B.y.A.w.E.A.M.
        0860  41 00 30 00 47 00 43 00  53 00 71 00 47 00 53 00   A.0.G.C.S.q.G.S.
        0870  49 00 62 00 33 00 44 00  51 00 45 00 42 00 42 00   I.b.3.D.Q.E.B.B.
        0880  51 00 55 00 41 00 41 00  34 00 49 00 42 00 0d 00   Q.U.A.A.4.I.B...
        0890  0a 00 41 00 51 00 43 00  59 00 6f 00 79 00 54 00   ..A.Q.C.Y.o.y.T.
        08a0  68 00 47 00 67 00 37 00  55 00 2b 00 53 00 45 00   h.G.g.7.U.+.S.E.
        08b0  61 00 61 00 4e 00 43 00  71 00 42 00 4e 00 51 00   a.a.N.C.q.B.N.Q.
        08c0  30 00 71 00 70 00 4e 00  4e 00 68 00 41 00 72 00   0.q.p.N.N.h.A.r.
        08d0  30 00 76 00 38 00 41 00  49 00 74 00 48 00 6b 00   0.v.8.A.I.t.H.k.
        08e0  44 00 4d 00 73 00 61 00  5a 00 7a 00 6c 00 54 00   D.M.s.a.Z.z.l.T.
        08f0  69 00 4d 00 43 00 32 00  6d 00 63 00 4a 00 68 00   i.M.C.2.m.c.J.h.
        0900  4e 00 63 00 65 00 63 00  67 00 6b 00 35 00 31 00   N.c.e.c.g.k.5.1.
        0910  6d 00 0d 00 0a 00 4e 00  71 00 79 00 73 00 31 00   m.....N.q.y.s.1.
        0920  46 00 61 00 59 00 64 00  50 00 36 00 64 00 36 00   F.a.Y.d.P.6.d.6.
        0930  34 00 44 00 63 00 39 00  30 00 42 00 69 00 68 00   4.D.c.9.0.B.i.h.
        0940  54 00 49 00 71 00 72 00  79 00 54 00 66 00 35 00   T.I.q.r.y.T.f.5.
        0950  6c 00 5a 00 71 00 33 00  6f 00 6e 00 7a 00 33 00   l.Z.q.3.o.n.z.3.
        0960  62 00 4b 00 68 00 34 00  6a 00 37 00 62 00 79 00   b.K.h.4.j.7.b.y.
        0970  52 00 65 00 37 00 46 00  46 00 36 00 4a 00 4a 00   R.e.7.F.F.6.J.J.
        0980  74 00 5a 00 69 00 58 00  41 00 45 00 4b 00 38 00   t.Z.i.X.A.E.K.8.
        0990  66 00 49 00 7a 00 0d 00  0a 00 32 00 38 00 55 00   f.I.z.....2.8.U.
        09a0  7a 00 70 00 67 00 46 00  6c 00 4a 00 7a 00 6e 00   z.p.g.F.l.J.z.n.
        09b0  51 00 79 00 73 00 57 00  76 00 46 00 77 00 37 00   Q.y.s.W.v.F.w.7.
        09c0  44 00 4a 00 50 00 64 00  64 00 41 00 4b 00 4c 00   D.J.P.d.d.A.K.L.
        09d0  48 00 53 00 35 00 71 00  58 00 44 00 6d 00 55 00   H.S.5.q.X.D.m.U.
        09e0  46 00 61 00 7a 00 47 00  4f 00 6d 00 35 00 31 00   F.a.z.G.O.m.5.1.
        09f0  33 00 6e 00 2b 00 38 00  34 00 48 00 44 00 36 00   3.n.+.8.4.H.D.6.
        0a00  62 00 6f 00 46 00 77 00  77 00 4e 00 61 00 72 00   b.o.F.w.w.N.a.r.
        0a10  78 00 7a 00 5a 00 62 00  71 00 0d 00 0a 00 4d 00   x.z.Z.b.q.....M.
        0a20  46 00 68 00 5a 00 46 00  49 00 49 00 35 00 2f 00   F.h.Z.F.I.I.5./.
        0a30  43 00 73 00 75 00 57 00  35 00 4a 00 55 00 51 00   C.s.u.W.5.J.U.Q.
        0a40  54 00 73 00 39 00 33 00  49 00 59 00 79 00 73 00   T.s.9.3.I.Y.y.s.
        0a50  32 00 61 00 37 00 36 00  39 00 47 00 4d 00 63 00   2.a.7.6.9.G.M.c.
        0a60  57 00 37 00 36 00 50 00  6c 00 75 00 4e 00 30 00   W.7.6.P.l.u.N.0.
        0a70  6d 00 34 00 67 00 34 00  48 00 74 00 69 00 31 00   m.4.g.4.H.t.i.1.
        0a80  54 00 52 00 45 00 70 00  73 00 42 00 47 00 39 00   T.R.E.p.s.B.G.9.
        0a90  59 00 57 00 68 00 57 00  62 00 71 00 30 00 0d 00   Y.W.h.W.b.q.0...
        0aa0  0a 00 68 00 32 00 77 00  4f 00 5a 00 45 00 78 00   ..h.2.w.O.Z.E.x.
        0ab0  31 00 4d 00 4c 00 50 00  78 00 48 00 5a 00 68 00   1.M.L.P.x.H.Z.h.
        0ac0  63 00 6d 00 68 00 44 00  7a 00 6c 00 38 00 43 00   c.m.h.D.z.l.8.C.
        0ad0  75 00 7a 00 4b 00 75 00  57 00 6f 00 53 00 56 00   u.z.K.u.W.o.S.V.
        0ae0  6f 00 63 00 6f 00 43 00  4f 00 56 00 79 00 69 00   o.c.o.C.O.V.y.i.
        0af0  6c 00 36 00 66 00 31 00  58 00 4a 00 6a 00 54 00   l.6.f.1.X.J.j.T.
        0b00  58 00 32 00 67 00 62 00  32 00 69 00 50 00 53 00   X.2.g.b.2.i.P.S.
        0b10  57 00 6f 00 7a 00 6e 00  48 00 32 00 37 00 56 00   W.o.z.n.H.2.7.V.
        0b20  30 00 0d 00 0a 00 48 00  59 00 30 00 74 00 73 00   0.....H.Y.0.t.s.
        0b30  33 00 49 00 76 00 64 00  64 00 4c 00 74 00 6a 00   3.I.v.d.d.L.t.j.
        0b40  2b 00 7a 00 59 00 33 00  66 00 47 00 34 00 77 00   +.z.Y.3.f.G.4.w.
        0b50  45 00 2f 00 42 00 0d 00  0a 00 0d 00 0a 00 2d 00   E./.B.........-.
        0b60  2d 00 2d 00 2d 00 2d 00  45 00 4e 00 44 00 20 00   -.-.-.-.E.N.D. .
        0b70  4e 00 45 00 57 00 20 00  43 00 45 00 52 00 54 00   N.E.W. .C.E.R.T.
        0b80  49 00 46 00 49 00 43 00  41 00 54 00 45 00 20 00   I.F.I.C.A.T.E. .
        0b90  52 00 45 00 51 00 55 00  45 00 53 00 54 00 2d 00   R.E.Q.U.E.S.T.-.
        0ba0  2d 00 2d 00 2d 00 2d 00  0d 00 0a 00               -.-.-.-.....
    CertUtil: -dump command completed successfully.

    I then ran the same command on certreq1.req file which has ANSI Encoding. Notice the output here, proper English, you can see it is a new certificate request.

    C:\WINDOWS\system32>certutil -dump certreq2.req
    PKCS10 Certificate Request:
    Version: 1
    Subject:
        C=US
        S=TX
        L=Dallas
        O=Contoso
        OU=Org Unit
        CN=amire14

    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
        Algorithm Parameters:
        05 00
    Public Key Length: 2048 bits
    Public Key: UnusedBits = 0
        0000  30 82 01 0a 02 82 01 01  00 a0 f0 c0 8f ae 6e cf
        0010  0c 00 8c c0 99 86 c3 b1  ab 02 52 74 93 96 68 b0
        0020  0c 70 94 f7 d0 e8 db c7  97 75 67 df 33 82 ce d7
        0030  e0 43 54 de 7b 94 58 16  ca 6d c7 a7 83 d9 55 e8
        0040  05 76 4c 9c 24 6e ff 9d  da 2b e1 77 69 cb d8 f8
        0050  a6 b7 fa 63 ad ac 2b 24  8e e3 29 ee cd 17 8d ae
        0060  6d d1 6a 18 b3 dc 1e 9b  1c 69 a4 91 f4 cc 3f 3a
        0070  ba f2 a1 e2 21 32 0d 14  43 50 4d 7e 32 45 a2 d0
        0080  b2 ce fd be 46 01 b3 61  be b4 2c 5b d2 5d 87 80
        0090  59 3f 45 1a 05 61 c6 c8  f8 e4 35 80 ef be f2 1a
        00a0  47 96 1c a9 84 ee a0 fe  9e fd 64 ea 5a 12 58 76
        00b0  51 00 8a bb cc 14 f6 a6  4e 8f 7e 2c a1 b5 7a d3
        00c0  59 13 05 89 25 82 40 45  6b d5 77 dc af 60 ec 47
        00d0  08 dd 37 d0 ba 4f 38 7f  f2 f2 ca 2c 81 09 1d 17
        00e0  9c 1a 61 38 bf f0 bc 26  28 9f cb 8c ba f1 f2 76
        00f0  c1 f5 01 79 f0 9a 1b 40  6e c4 a2 1c 50 b9 32 cf
        0100  ab ff a0 ba e5 26 85 c6  41 02 03 01 00 01
    Request Attributes: 4
      4 attributes:

      Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
        Value[0][0]:
            6.1.7600.2

      Attribute[1]: 1.3.6.1.4.1.311.21.20 (Client Information)
        Value[1][0]:
        Unknown Attribute type
        Client Id: = 5
        User: BIYA\AMIRE14$
        Machine: AMIRE14.biya.com
        Process: Microsoft.Exchange.ServiceHost.exe

      Attribute[2]: 1.2.840.113549.1.9.14 (Certificate Extensions)
        Value[2][0]:
        Unknown Attribute type
    Certificate Extensions: 4
        2.5.29.15: Flags = 1(Critical), Length = 4
        Key Usage
            Digital Signature, Key Encipherment (a0)

        2.5.29.17: Flags = 0, Length = 15
        Subject Alternative Name
            DNS Name=amire2k7
            DNS Name=amire14

        2.5.29.19: Flags = 1(Critical), Length = 2
        Basic Constraints
            Subject Type=End Entity
            Path Length Constraint=None

        2.5.29.14: Flags = 0, Length = 16
        Subject Key Identifier
            da 81 2d 56 46 df 58 b6 20 9b e1 38 c6 aa d3 28 0e e0 4d 9d


      Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
        Value[3][0]:
        Unknown Attribute type
        CSP Provider Info
        KeySpec = 1
        Provider = Microsoft RSA SChannel Cryptographic Provider
        Signature: UnusedBits=0
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
        Algorithm Parameters:
        05 00
    Signature: UnusedBits=0
        0000  c1 4f c0 b8 f1 dd d8 ec  8f ed d2 75 2f 72 b3 2d
        0010  8d 1d 74 b5 db c7 39 a3  96 f4 88 f6 06 da d7 34
        0020  26 57 fd e9 a5 28 57 8e  80 72 68 25 a1 96 ab cc
        0030  ae c0 97 f3 10 9a 5c 98  1d f1 b3 30 75 4c 64 0e
        0040  6c 87 b4 ba 59 a1 85 f5  46 c0 a6 44 34 d5 62 7b
        0050  e0 20 6e d2 8d 5b 3e fa  6e 71 8c d1 eb bb 66 b3
        0060  32 86 dc 3d 3b 41 54 92  5b 2e 2b fc 39 82 14 59
        0070  58 30 ea 96 cd f1 aa 35  30 5c a0 9b 3e 1c 38 ef
        0080  9f 77 9d 9b 8e 31 6b 05  65 0e 97 9a 4b c7 a2 00
        0090  5d f7 24 c3 0e 17 af c5  ca d0 39 27 65 01 a6 33
        00a0  c5 db 33 f2 f1 0a 01 5c  62 d6 26 89 5e 14 bb 17
        00b0  c9 db 3e e2 a1 b2 dd f3  89 de 6a 56 e6 df 24 af
        00c0  2a 32 85 62 40 f7 dc 80  eb 9d fe 74 98 56 d4 ac
        00d0  ac 36 66 9d 93 20 e7 71  4d 98 70 a6 2d 30 e2 54
        00e0  ce 99 c6 32 03 79 b4 08  c0 bf f4 0a 84 4d 93 aa
        00f0  34 d4 04 aa d0 68 1a 21  f9 d4 0e 1a e1 24 a3 98
    Signature matches Public Key
    Key Id Hash(sha1): b5 77 f3 3f 58 8a c9 4e 61 9b 18 68 fd 8e ee 0c fc c5 5a 90
    Subject Key Id (precomputed): da 81 2d 56 46 df 58 b6 20 9b e1 38 c6 aa d3 28 0e
     e0 4d 9d
    CertUtil: -dump command completed successfully.

    So that's another way to quickly find out if your certreq.req file is saved in ANSI or Unicode encoding. Of course, the one in Unicode will not work with Windows CA & the one in ANSI will work fine with it.

    I also asked around about this issue & a dev from Windows CA team said the CA admin snap-in (i.e. right click on CA's name node | All Tasks | Submit new request), creates a process to execute certreq –submit. It does not collect the output or report any error that certreq.exe might return; it simply kicks off the process. certreq –submit will handle ANSI Base64 text with and without PEM headers, as well as Binary – but it does not handle Unicode at this moment. Starting with Windows Vista in many other contexts, we do support Unicode Base 64 text files with and without a byte-order-mark (BOM), as well as big-endian Unicode with a big-endian BOM (such as when certutil dumps requests). certreq –submit will report an invalid data error when told to submit request from a Unicode Base64 text file.

    HTH! 


    Sr. Program Manager, Product Quality, Exchange Client Access Server
    Wednesday, September 14, 2011 9:21 PM
  • I was playing with dcom, security, activation, registry, cert service and who knows what, till I find this post from you. thank you, it worked. i was stuck when creating new selfsigned cert for exchange2010, and this solved it.

    Monday, January 16, 2012 12:19 PM
  • Hi,

    I installed a Certification Authority on a Windows Server 2008 R2 domain member to secure Exchange 2010 "Outlook Web App" with SSL.

    I created the Certificate Request (cert.req) from the EMC "Exchange Certificates" screen, but when I use the "submit new request" function of the CA MMC, nothing happens, no error message, nothing.

    Any ideas ?


    - ThePro

    Hi ! - i had the same problem,

    Certificate for Exchange actually issuing automaticaly, ( once i installed Cert Service )

    but it appeared in the list later?

    Possible reason is Group Policy ( where you can set up Auto enrollment )

    Wednesday, May 16, 2012 5:14 AM