Cannot create certificate request file with specific CSP
Hello All. Thank you in advance for looking at this question. I am running into some issues creating a certificate request file using certreq.exe on a Windows Server 2003 R2 SP2 machine. The end goal of this is to enable TLS/SSL for inbound administrative remote desktop connections through terminal services.

Here are the facts:

Terminal Server (Windows Server 2003 R2 SP2 Standard)
Standalone CA (Windows Server 2008 R2 SP1 Standard)

Running CertReq.exe on the W2K3 server to create the request file with the following command line:

    certreq.exe -new certreq.inf certreq.req

Contents of inf file:

    [NewRequest]
    Subject = "CN=***,OU=***,O=***,L=***,S=***,C=***"
    EncipherOnly = False
    Exportable = True
    KeyLength = 2048
    KeyUsage = 0xf0
    MachineKeySet = True
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    ProviderType = 12
    [EnhancedKeyUsageExtension]
    OID = 1.3.6.1.5.5.7.3.1

When I execute this command I am presented with the following error:

    Certificate Request Processor: Invalid algorithm specified. 0x80090008 (-2146893816)

Running certutil -csplist returns the RSA SChannel as an available provider.

This particular server has IIS on it, so I created an offline request file through IIS using the defined CSP of Microsoft RSA SChannel Cryptographic Provider and I am able to create a request file to pass to my CA. I can then bring the cert back to my Win2k3 box and install it happily with no problems. Remote Desktop works fine through the new security settings.

I tried creating the request using a CSP of "Microsoft Enhanced RSA and AES Cryptographic Provider" using the certreq.exe utility. This worked without a problem; however, after using this cert in terminal services, I was unable to authenticate via RDP to the server.

I'm at a loss as to why I am unable to specify the required CSP by using certreq.exe! Is there anyone that can assist me with this?

As a side note, I did try using the certsrv web pages on my 2008 CA to request an advanced server authentication certificate. After installing this cert and making sure it was in the Personal > Local Computer store I could never get it to appear as a selectable certificate in Terminal Services. Perhaps it needs more than "Key Encipherment and Data Encipherment" which is all the CA would issue me using the advanced request web pages for a server authentication certificate.
May 21st, 2011 1:28am
