Submit new request - nothing happens
Hi, I installed a Certification Authority on a Windows Server 2008 R2 domain member to secure Exchange 2010 "Outlook Web App" with SSL. I created the Certificate Request (cert.req) from the EMC "Exchange Certificates" screen, but when I use the "submit new request" function of the CA MMC, nothing happens, no error message, nothing. Any ideas ?- ThePro
December 24th, 2010 6:10pm

Now you need to copy the cert.req to the CA server web interface and download the certificate from the CA server. MCSA, MCSE, MCITP:SA, MCITP:EA, MCTS:Exchange Server 2010 Config, CCNA
Free Windows Admin Tool Kit Click here and download it now
December 24th, 2010 6:59pm

Hi, I installed a Certification Authority on a Windows Server 2008 R2 domain member to secure Exchange 2010 "Outlook Web App" with SSL. I created the Certificate Request (cert.req) from the EMC "Exchange Certificates" screen, but when I use the "submit new request" function of the CA MMC, nothing happens, no error message, nothing. Any ideas ? - ThePro In the same MMC locate Issued Certificates node and ensure if your certificate was issued. Double-click on certificate, switch to Details tab a click Copyt to file button. Follow instructions, move the file to Exchange server and install it. > Now you need to copy the cert.req to the CA server web interface and download the certificate from the CA server. no, this is not correct answer. Author already submitted request to CA server.http://en-us.sysadmins.lv
December 25th, 2010 3:42am

In the same MMC locate Issued Certificates node and ensure if your certificate was issued. There nothing in the "Issued certificate" screen, neither in "Pending requests" nor "Failed Requests" - ThePro
Free Windows Admin Tool Kit Click here and download it now
December 25th, 2010 10:30am

try to perform the same operation, but from command line: certreq -submit requestfile.req In the opened dialog box select required CA server and check for any messages.http://en-us.sysadmins.lv
December 25th, 2010 11:29am

The error message is: Active Directory Enrollment Policy {04D0DAAD-B09E-4083-AF37-4D6131C40066} ldap: Certificate not issued (Incomplete) Thanks for your help !- ThePro
Free Windows Admin Tool Kit Click here and download it now
December 25th, 2010 12:15pm

Can you show us the output of the following command: certutil -dump requestfile.req it is probably that certificate request is missing Certificate Template information. If so, make sure if appropriate template is assigned to CA server (for example, WebServer template) and submit request as follows: certreq -submit -attrib "CertificateTemplate:WebServer" requestfile.reqhttp://en-us.sysadmins.lv
December 25th, 2010 12:33pm

Here is the output: ------ PKCS10 Certificate Request: Version: 1 Subject: C=CA S=Quebec L=Saguenay O=Grimard OU=Head office CN=exchange.grimard.ca Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN) Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 d8 c7 65 6d 06 37 dd 0010 13 dc 04 92 c4 0f b5 c2 1c 53 7f dc 5f 85 11 c6 0020 90 eb 9d a4 09 a8 ae e7 25 38 07 66 b7 bc 74 1b 0030 a1 ce 6b e1 be 83 aa fa 5d 28 a7 ee 30 44 08 52 0040 6a ae 09 6b 07 a4 cc 45 2b 4b 36 0e 2f a1 df ed 0050 45 c3 b1 77 1f f9 11 7d 88 6f ca a8 1e 18 31 d0 0060 90 cb 1d 85 62 7d 88 2b 11 9c 3d b6 7a 5a 90 a1 0070 48 3e 73 e2 69 cc 13 79 ae 3a 0f d8 dd ff 78 6d 0080 41 43 e9 1a 92 41 0a ad aa f4 2a bd 9b c0 94 bd 0090 b3 ce de b0 6c c6 54 70 a3 b2 a5 4f 9f 17 39 8b 00a0 03 b8 b4 0a ff 6d d4 48 35 86 22 75 2e 79 ea 52 00b0 55 34 56 7c 42 55 b8 9b 49 5d 16 89 d6 f5 f1 51 00c0 dc c0 bc 4d 35 d2 ed 6a 0b 8f 6a 1b 85 0b 55 02 00d0 65 6a 4d d9 53 17 6e 97 73 b5 65 4b b6 45 8a 3b 00e0 52 5d 9f ea 4e e0 80 5e 48 e5 f3 89 f3 b8 6c ca 00f0 fd 53 25 82 9c fd f9 20 25 60 86 d6 7f 12 12 06 0100 76 1d 1a 64 78 7e 47 c7 33 02 03 01 00 01 Request Attributes: 4 4 attributes: Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version) Value[0][0]: 6.1.7600.2 Attribute[1]: 1.3.6.1.4.1.311.21.20 (Client Information) Value[1][0]: Unknown Attribute type Client Id: = 5 ClientIdDefaultRequest -- 5 User: GRIMARD\EXCHANGE3$ Machine: EXCHANGE3.grimard.ca Process: Microsoft.Exchange.ServiceHost.exe Attribute[2]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP) Value[2][0]: Unknown Attribute type CSP Provider Info KeySpec = 1 Provider = Microsoft RSA SChannel Cryptographic Provider Signature: UnusedBits=0 Attribute[3]: 1.2.840.113549.1.9.14 (Certificate Extensions) Value[3][0]: Unknown Attribute type Certificate Extensions: 4 2.5.29.15: Flags = 1(Critical), Length = 4 Key Usage Digital Signature, Key Encipherment (a0) 2.5.29.17: Flags = 0, Length = 30 Subject Alternative Name DNS Name=exchange.grimard.ca DNS Name=autodiscover.grimard.ca 2.5.29.19: Flags = 1(Critical), Length = 2 Basic Constraints Subject Type=End Entity Path Length Constraint=None 2.5.29.14: Flags = 0, Length = 16 Subject Key Identifier 28 94 a3 60 f9 9f 98 2e 0a bc fd 45 23 c1 98 17 43 a3 83 ac Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 3c 9b 96 b5 f6 e7 9d c6 ec 57 a8 68 2f 32 af 66 0010 40 75 30 ea fd 22 d3 1b 50 b2 84 50 37 d9 91 85 0020 5a 71 a5 67 fb 88 4b fd 4a e3 c0 1d 06 c9 41 02 0030 86 ce 1e ca 8b 63 ed 69 8b 97 d4 7d 20 f3 f2 59 0040 7d 1a fa 1c fd 61 a5 77 c9 b1 4a 25 e7 4c 89 74 0050 7a 21 06 80 7a 53 8d 53 84 25 99 cd 9e 2b 09 ae 0060 35 81 06 86 e0 8e 61 cb ee b3 d6 20 72 3e c0 a3 0070 01 9e 73 c3 ef 4c 25 d1 03 ec 00 76 8e 3b fb 76 0080 b0 60 88 a8 d3 65 0d 62 64 f7 39 28 bc 46 3c 7d 0090 6e 36 ca 8e f9 59 e9 3b b2 12 a3 51 e9 24 31 95 00a0 2b 10 e5 49 3d 96 f4 d5 00 d0 65 ef 23 fe 86 91 00b0 ee 28 4f 03 c8 ca 5c 3c 28 9c c5 8a b2 2b 8a 7a 00c0 ff 8e 84 25 8d 20 2e b1 39 e8 99 bb 76 5c 1f b1 00d0 2d df da 32 22 11 1d 96 24 b8 8a 4a a4 a4 0c e0 00e0 09 07 12 61 d3 a5 0e 42 f4 5a 0e 68 86 b2 20 a9 00f0 a2 58 4a fa 22 40 ea e0 75 81 20 c9 ec 68 21 7d Signature matches Public Key Key Id Hash(rfc-sha1): 28 94 a3 60 f9 9f 98 2e 0a bc fd 45 23 c1 98 17 43 a3 83 ac Key Id Hash(sha1): 22 90 54 cf 72 8b cb 5f ec f9 91 a4 82 f0 bc 5a 0e 14 44 6e CertUtil: -dump command completed successfully. ------- ThePro
Free Windows Admin Tool Kit Click here and download it now
December 25th, 2010 12:36pm

As I assumed, Certificate Template extension is missing. In addition your request contains Subject Alternative Name extension. By default Windows CA don''t allow this extension for templates where subject is constructed from request information. Run the following commands on the CA server: certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 net stop certsvc net start certsvc make sure if appropriate template is assigned to CA server (for example, WebServer template) and submit request as follows: certreq -submit -attrib "CertificateTemplate:WebServer" requestfile.reqhttp://en-us.sysadmins.lv
December 25th, 2010 1:00pm

Thanks. I ran these steps, but I still have the same error message. How do I select which template to use ?- ThePro
Free Windows Admin Tool Kit Click here and download it now
December 25th, 2010 1:40pm

This command parameter: -attrib "CertificateTemplate:WebServer" will specify template name.http://en-us.sysadmins.lv
December 25th, 2010 4:18pm

My question was: how do I know if "WebServer" is the right template for an Exchange server ? Thanks again.- ThePro
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2010 7:57am

Exchange server requires server authentication certificate, so Outlook clients are able to communicate with Exchange over HTTPS (SSL). Server certificate guarantees that Outlook is connected to right server. Default WebServer template met all those requirements for Exchange server.http://en-us.sysadmins.lv
December 27th, 2010 9:08am

Ok, but I still get: Active Directory Enrollment Policy {04D0DAAD-B09E-4083-AF37-4D6131C40066} ldap: Certificate not issued (Incomplete)- ThePro
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2010 9:12am

can you send me a copy of the request file (vpodans&sysadmins.lv)? Replace & with @.http://en-us.sysadmins.lv
December 27th, 2010 9:47am

I have checked your request file. The problem is that the file is saved in Unicode encoding which is not supported. Open file in notepad and save it in ANSI encoding.http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2010 1:08pm

Problem solved. Thank you very much.- ThePro
December 27th, 2010 2:20pm

Vadims is correct that the Windows Certificate Authority MMC Admin snap-in (i.e. right click on CA's name node | All Tasks | Submit new request) does not support a certificate request file (*.req) saved in Unicode encoding. You'll have to convert its encoding to ANSI so that CA Admin snap-in can utilize it. As he mentioned using NotePad one can easily convert the encoding from Unicode to ANSI. The 'New Exchange Certificate' wizard in Exchange 2010 does generate a certificate request file with Unicode encoding. I looked into it using instructions provided by Vadims here & in other forum posts. If you look at the original certreq file, it looks like this in NotePad: Now when you do: NotePad | File | Save As, in that new 'Save As' dialog box, you will see the Encoding set to Unicode for this file: All you need to do there is change the Encoding to ANSI, give it a new File name, like certreq1.req, change the Save as type to All Files (otherwise it will be saved as a text file by default)... And then you're all done. Keep in mind that even now after encoding conversion if you open the file in NotePad, it'll still look like as it looked before, as in screenshot pasted above. Another thing mentioned by Vadims is that you can use certutil to get an idea of certreq file's encoding. Certutil is a utility (certutil.exe) you'll find in Windows\System32 folder on a Windows machine. Before using the commands below I copied both files (certreq.req with Unicode Encoding & certreq1.req with ANSI Encoding) to the same \system32 folder. I then ran the following command on certreq.req file which has Unicode Encoding. Notice the output here, not easy to understand. C:\WINDOWS\system32>certutil -dump certreq.req 0000 2d 00 2d 00 2d 00 2d 00 2d 00 42 00 45 00 47 00 -.-.-.-.-.B.E.G. 0010 49 00 4e 00 20 00 4e 00 45 00 57 00 20 00 43 00 I.N. .N.E.W. .C. 0020 45 00 52 00 54 00 49 00 46 00 49 00 43 00 41 00 E.R.T.I.F.I.C.A. 0030 54 00 45 00 20 00 52 00 45 00 51 00 55 00 45 00 T.E. .R.E.Q.U.E. 0040 53 00 54 00 2d 00 2d 00 2d 00 2d 00 2d 00 0d 00 S.T.-.-.-.-.-... 0050 0a 00 4d 00 49 00 49 00 44 00 2f 00 6a 00 43 00 ..M.I.I.D./.j.C. 0060 43 00 41 00 75 00 59 00 43 00 41 00 51 00 41 00 C.A.u.Y.C.A.Q.A. 0070 77 00 59 00 6a 00 45 00 51 00 4d 00 41 00 34 00 w.Y.j.E.Q.M.A.4. 0080 47 00 41 00 31 00 55 00 45 00 41 00 77 00 77 00 G.A.1.U.E.A.w.w. 0090 48 00 59 00 57 00 31 00 70 00 63 00 6d 00 55 00 H.Y.W.1.p.c.m.U. 00a0 78 00 4e 00 44 00 45 00 52 00 4d 00 41 00 38 00 x.N.D.E.R.M.A.8. 00b0 47 00 41 00 31 00 55 00 45 00 43 00 77 00 77 00 G.A.1.U.E.C.w.w. 00c0 49 00 54 00 33 00 4a 00 6e 00 49 00 46 00 56 00 I.T.3.J.n.I.F.V. 00d0 75 00 0d 00 0a 00 61 00 58 00 51 00 78 00 45 00 u.....a.X.Q.x.E. 00e0 44 00 41 00 4f 00 42 00 67 00 4e 00 56 00 42 00 D.A.O.B.g.N.V.B. 00f0 41 00 6f 00 4d 00 42 00 30 00 4e 00 76 00 62 00 A.o.M.B.0.N.v.b. 0100 6e 00 52 00 76 00 63 00 32 00 38 00 78 00 44 00 n.R.v.c.2.8.x.D. 0110 7a 00 41 00 4e 00 42 00 67 00 4e 00 56 00 42 00 z.A.N.B.g.N.V.B. 0120 41 00 63 00 4d 00 42 00 6b 00 52 00 68 00 62 00 A.c.M.B.k.R.h.b. 0130 47 00 78 00 68 00 63 00 7a 00 45 00 4c 00 4d 00 G.x.h.c.z.E.L.M. 0140 41 00 6b 00 47 00 41 00 31 00 55 00 45 00 43 00 A.k.G.A.1.U.E.C. 0150 41 00 77 00 43 00 0d 00 0a 00 56 00 46 00 67 00 A.w.C.....V.F.g. 0160 78 00 43 00 7a 00 41 00 4a 00 42 00 67 00 4e 00 x.C.z.A.J.B.g.N. 0170 56 00 42 00 41 00 59 00 54 00 41 00 6c 00 56 00 V.B.A.Y.T.A.l.V. 0180 54 00 4d 00 49 00 49 00 42 00 49 00 6a 00 41 00 T.M.I.I.B.I.j.A. 0190 4e 00 42 00 67 00 6b 00 71 00 68 00 6b 00 69 00 N.B.g.k.q.h.k.i. 01a0 47 00 39 00 77 00 30 00 42 00 41 00 51 00 45 00 G.9.w.0.B.A.Q.E. 01b0 46 00 41 00 41 00 4f 00 43 00 41 00 51 00 38 00 F.A.A.O.C.A.Q.8. 01c0 41 00 4d 00 49 00 49 00 42 00 43 00 67 00 4b 00 A.M.I.I.B.C.g.K. 01d0 43 00 41 00 51 00 45 00 41 00 0d 00 0a 00 6f 00 C.A.Q.E.A.....o. 01e0 50 00 44 00 41 00 6a 00 36 00 35 00 75 00 7a 00 P.D.A.j.6.5.u.z. 01f0 77 00 77 00 41 00 6a 00 4d 00 43 00 5a 00 68 00 w.w.A.j.M.C.Z.h. 0200 73 00 4f 00 78 00 71 00 77 00 4a 00 53 00 64 00 s.O.x.q.w.J.S.d. 0210 4a 00 4f 00 57 00 61 00 4c 00 41 00 4d 00 63 00 J.O.W.a.L.A.M.c. 0220 4a 00 54 00 33 00 30 00 4f 00 6a 00 62 00 78 00 J.T.3.0.O.j.b.x. 0230 35 00 64 00 31 00 5a 00 39 00 38 00 7a 00 67 00 5.d.1.Z.9.8.z.g. 0240 73 00 37 00 58 00 34 00 45 00 4e 00 55 00 33 00 s.7.X.4.E.N.U.3. 0250 6e 00 75 00 55 00 57 00 42 00 62 00 4b 00 0d 00 n.u.U.W.B.b.K... 0260 0a 00 62 00 63 00 65 00 6e 00 67 00 39 00 6c 00 ..b.c.e.n.g.9.l. 0270 56 00 36 00 41 00 56 00 32 00 54 00 4a 00 77 00 V.6.A.V.2.T.J.w. 0280 6b 00 62 00 76 00 2b 00 64 00 32 00 69 00 76 00 k.b.v.+.d.2.i.v. 0290 68 00 64 00 32 00 6e 00 4c 00 32 00 50 00 69 00 h.d.2.n.L.2.P.i. 02a0 6d 00 74 00 2f 00 70 00 6a 00 72 00 61 00 77 00 m.t./.p.j.r.a.w. 02b0 72 00 4a 00 49 00 37 00 6a 00 4b 00 65 00 37 00 r.J.I.7.j.K.e.7. 02c0 4e 00 46 00 34 00 32 00 75 00 62 00 64 00 46 00 N.F.4.2.u.b.d.F. 02d0 71 00 47 00 4c 00 50 00 63 00 48 00 70 00 73 00 q.G.L.P.c.H.p.s. 02e0 63 00 0d 00 0a 00 61 00 61 00 53 00 52 00 39 00 c.....a.a.S.R.9. 02f0 4d 00 77 00 2f 00 4f 00 72 00 72 00 79 00 6f 00 M.w./.O.r.r.y.o. 0300 65 00 49 00 68 00 4d 00 67 00 30 00 55 00 51 00 e.I.h.M.g.0.U.Q. 0310 31 00 42 00 4e 00 66 00 6a 00 4a 00 46 00 6f 00 1.B.N.f.j.J.F.o. 0320 74 00 43 00 79 00 7a 00 76 00 32 00 2b 00 52 00 t.C.y.z.v.2.+.R. 0330 67 00 47 00 7a 00 59 00 62 00 36 00 30 00 4c 00 g.G.z.Y.b.6.0.L. 0340 46 00 76 00 53 00 58 00 59 00 65 00 41 00 57 00 F.v.S.X.Y.e.A.W. 0350 54 00 39 00 46 00 47 00 67 00 56 00 68 00 78 00 T.9.F.G.g.V.h.x. 0360 73 00 6a 00 34 00 0d 00 0a 00 35 00 44 00 57 00 s.j.4.....5.D.W. 0370 41 00 37 00 37 00 37 00 79 00 47 00 6b 00 65 00 A.7.7.7.y.G.k.e. 0380 57 00 48 00 4b 00 6d 00 45 00 37 00 71 00 44 00 W.H.K.m.E.7.q.D. 0390 2b 00 6e 00 76 00 31 00 6b 00 36 00 6c 00 6f 00 +.n.v.1.k.6.l.o. 03a0 53 00 57 00 48 00 5a 00 52 00 41 00 49 00 71 00 S.W.H.Z.R.A.I.q. 03b0 37 00 7a 00 42 00 54 00 32 00 70 00 6b 00 36 00 7.z.B.T.2.p.k.6. 03c0 50 00 66 00 69 00 79 00 68 00 74 00 58 00 72 00 P.f.i.y.h.t.X.r. 03d0 54 00 57 00 52 00 4d 00 46 00 69 00 53 00 57 00 T.W.R.M.F.i.S.W. 03e0 43 00 51 00 45 00 56 00 72 00 0d 00 0a 00 31 00 C.Q.E.V.r.....1. 03f0 58 00 66 00 63 00 72 00 32 00 44 00 73 00 52 00 X.f.c.r.2.D.s.R. 0400 77 00 6a 00 64 00 4e 00 39 00 43 00 36 00 54 00 w.j.d.N.9.C.6.T. 0410 7a 00 68 00 2f 00 38 00 76 00 4c 00 4b 00 4c 00 z.h./.8.v.L.K.L. 0420 49 00 45 00 4a 00 48 00 52 00 65 00 63 00 47 00 I.E.J.H.R.e.c.G. 0430 6d 00 45 00 34 00 76 00 2f 00 43 00 38 00 4a 00 m.E.4.v./.C.8.J. 0440 69 00 69 00 66 00 79 00 34 00 79 00 36 00 38 00 i.i.f.y.4.y.6.8. 0450 66 00 4a 00 32 00 77 00 66 00 55 00 42 00 65 00 f.J.2.w.f.U.B.e. 0460 66 00 43 00 61 00 47 00 30 00 42 00 75 00 0d 00 f.C.a.G.0.B.u... 0470 0a 00 78 00 4b 00 49 00 63 00 55 00 4c 00 6b 00 ..x.K.I.c.U.L.k. 0480 79 00 7a 00 36 00 76 00 2f 00 6f 00 4c 00 72 00 y.z.6.v./.o.L.r. 0490 6c 00 4a 00 6f 00 58 00 47 00 51 00 51 00 49 00 l.J.o.X.G.Q.Q.I. 04a0 44 00 41 00 51 00 41 00 42 00 6f 00 49 00 49 00 D.A.Q.A.B.o.I.I. 04b0 42 00 56 00 54 00 41 00 61 00 42 00 67 00 6f 00 B.V.T.A.a.B.g.o. 04c0 72 00 42 00 67 00 45 00 45 00 41 00 59 00 49 00 r.B.g.E.E.A.Y.I. 04d0 33 00 44 00 51 00 49 00 44 00 4d 00 51 00 77 00 3.D.Q.I.D.M.Q.w. 04e0 57 00 43 00 6a 00 59 00 75 00 4d 00 53 00 34 00 W.C.j.Y.u.M.S.4. 04f0 33 00 0d 00 0a 00 4e 00 6a 00 41 00 77 00 4c 00 3.....N.j.A.w.L. 0500 6a 00 49 00 77 00 56 00 77 00 59 00 4a 00 4b 00 j.I.w.V.w.Y.J.K. 0510 77 00 59 00 42 00 42 00 41 00 47 00 43 00 4e 00 w.Y.B.B.A.G.C.N. 0520 78 00 55 00 55 00 4d 00 55 00 6f 00 77 00 53 00 x.U.U.M.U.o.w.S. 0530 41 00 49 00 42 00 42 00 51 00 77 00 51 00 51 00 A.I.B.B.Q.w.Q.Q. 0540 55 00 31 00 4a 00 55 00 6b 00 55 00 78 00 4e 00 U.1.J.U.k.U.x.N. 0550 43 00 35 00 69 00 61 00 58 00 6c 00 68 00 4c 00 C.5.i.a.X.l.h.L. 0560 6d 00 4e 00 76 00 62 00 51 00 77 00 4e 00 51 00 m.N.v.b.Q.w.N.Q. 0570 6b 00 6c 00 5a 00 0d 00 0a 00 51 00 56 00 78 00 k.l.Z.....Q.V.x. 0580 42 00 54 00 55 00 6c 00 53 00 52 00 54 00 45 00 B.T.U.l.S.R.T.E. 0590 30 00 4a 00 41 00 77 00 69 00 54 00 57 00 6c 00 0.J.A.w.i.T.W.l. 05a0 6a 00 63 00 6d 00 39 00 7a 00 62 00 32 00 5a 00 j.c.m.9.z.b.2.Z. 05b0 30 00 4c 00 6b 00 56 00 34 00 59 00 32 00 68 00 0.L.k.V.4.Y.2.h. 05c0 68 00 62 00 6d 00 64 00 6c 00 4c 00 6c 00 4e 00 h.b.m.d.l.L.l.N. 05d0 6c 00 63 00 6e 00 5a 00 70 00 59 00 32 00 56 00 l.c.n.Z.p.Y.2.V. 05e0 49 00 62 00 33 00 4e 00 30 00 4c 00 6d 00 56 00 I.b.3.N.0.L.m.V. 05f0 34 00 5a 00 54 00 42 00 71 00 0d 00 0a 00 42 00 4.Z.T.B.q.....B. 0600 67 00 6b 00 71 00 68 00 6b 00 69 00 47 00 39 00 g.k.q.h.k.i.G.9. 0610 77 00 30 00 42 00 43 00 51 00 34 00 78 00 58 00 w.0.B.C.Q.4.x.X. 0620 54 00 42 00 62 00 4d 00 41 00 34 00 47 00 41 00 T.B.b.M.A.4.G.A. 0630 31 00 55 00 64 00 44 00 77 00 45 00 42 00 2f 00 1.U.d.D.w.E.B./. 0640 77 00 51 00 45 00 41 00 77 00 49 00 46 00 6f 00 w.Q.E.A.w.I.F.o. 0650 44 00 41 00 63 00 42 00 67 00 4e 00 56 00 48 00 D.A.c.B.g.N.V.H. 0660 52 00 45 00 45 00 46 00 54 00 41 00 54 00 67 00 R.E.E.F.T.A.T.g. 0670 67 00 68 00 68 00 62 00 57 00 6c 00 79 00 0d 00 g.h.h.b.W.l.y... 0680 0a 00 5a 00 54 00 4a 00 72 00 4e 00 34 00 49 00 ..Z.T.J.r.N.4.I. 0690 48 00 59 00 57 00 31 00 70 00 63 00 6d 00 55 00 H.Y.W.1.p.c.m.U. 06a0 78 00 4e 00 44 00 41 00 4d 00 42 00 67 00 4e 00 x.N.D.A.M.B.g.N. 06b0 56 00 48 00 52 00 4d 00 42 00 41 00 66 00 38 00 V.H.R.M.B.A.f.8. 06c0 45 00 41 00 6a 00 41 00 41 00 4d 00 42 00 30 00 E.A.j.A.A.M.B.0. 06d0 47 00 41 00 31 00 55 00 64 00 44 00 67 00 51 00 G.A.1.U.d.D.g.Q. 06e0 57 00 42 00 42 00 54 00 61 00 67 00 53 00 31 00 W.B.B.T.a.g.S.1. 06f0 57 00 52 00 74 00 39 00 59 00 74 00 69 00 43 00 W.R.t.9.Y.t.i.C. 0700 62 00 0d 00 0a 00 34 00 54 00 6a 00 47 00 71 00 b.....4.T.j.G.q. 0710 74 00 4d 00 6f 00 44 00 75 00 42 00 4e 00 6e 00 t.M.o.D.u.B.N.n. 0720 54 00 42 00 79 00 42 00 67 00 6f 00 72 00 42 00 T.B.y.B.g.o.r.B. 0730 67 00 45 00 45 00 41 00 59 00 49 00 33 00 44 00 g.E.E.A.Y.I.3.D. 0740 51 00 49 00 43 00 4d 00 57 00 51 00 77 00 59 00 Q.I.C.M.W.Q.w.Y. 0750 67 00 49 00 42 00 41 00 52 00 35 00 61 00 41 00 g.I.B.A.R.5.a.A. 0760 45 00 30 00 41 00 61 00 51 00 42 00 6a 00 41 00 E.0.A.a.Q.B.j.A. 0770 48 00 49 00 41 00 62 00 77 00 42 00 7a 00 41 00 H.I.A.b.w.B.z.A. 0780 47 00 38 00 41 00 0d 00 0a 00 5a 00 67 00 42 00 G.8.A.....Z.g.B. 0790 30 00 41 00 43 00 41 00 41 00 55 00 67 00 42 00 0.A.C.A.A.U.g.B. 07a0 54 00 41 00 45 00 45 00 41 00 49 00 41 00 42 00 T.A.E.E.A.I.A.B. 07b0 54 00 41 00 45 00 4d 00 41 00 61 00 41 00 42 00 T.A.E.M.A.a.A.B. 07c0 68 00 41 00 47 00 34 00 41 00 62 00 67 00 42 00 h.A.G.4.A.b.g.B. 07d0 6c 00 41 00 47 00 77 00 41 00 49 00 41 00 42 00 l.A.G.w.A.I.A.B. 07e0 44 00 41 00 48 00 49 00 41 00 65 00 51 00 42 00 D.A.H.I.A.e.Q.B. 07f0 77 00 41 00 48 00 51 00 41 00 62 00 77 00 42 00 w.A.H.Q.A.b.w.B. 0800 6e 00 41 00 48 00 49 00 41 00 0d 00 0a 00 59 00 n.A.H.I.A.....Y. 0810 51 00 42 00 77 00 41 00 47 00 67 00 41 00 61 00 Q.B.w.A.G.g.A.a. 0820 51 00 42 00 6a 00 41 00 43 00 41 00 41 00 55 00 Q.B.j.A.C.A.A.U. 0830 41 00 42 00 79 00 41 00 47 00 38 00 41 00 64 00 A.B.y.A.G.8.A.d. 0840 67 00 42 00 70 00 41 00 47 00 51 00 41 00 5a 00 g.B.p.A.G.Q.A.Z. 0850 51 00 42 00 79 00 41 00 77 00 45 00 41 00 4d 00 Q.B.y.A.w.E.A.M. 0860 41 00 30 00 47 00 43 00 53 00 71 00 47 00 53 00 A.0.G.C.S.q.G.S. 0870 49 00 62 00 33 00 44 00 51 00 45 00 42 00 42 00 I.b.3.D.Q.E.B.B. 0880 51 00 55 00 41 00 41 00 34 00 49 00 42 00 0d 00 Q.U.A.A.4.I.B... 0890 0a 00 41 00 51 00 43 00 59 00 6f 00 79 00 54 00 ..A.Q.C.Y.o.y.T. 08a0 68 00 47 00 67 00 37 00 55 00 2b 00 53 00 45 00 h.G.g.7.U.+.S.E. 08b0 61 00 61 00 4e 00 43 00 71 00 42 00 4e 00 51 00 a.a.N.C.q.B.N.Q. 08c0 30 00 71 00 70 00 4e 00 4e 00 68 00 41 00 72 00 0.q.p.N.N.h.A.r. 08d0 30 00 76 00 38 00 41 00 49 00 74 00 48 00 6b 00 0.v.8.A.I.t.H.k. 08e0 44 00 4d 00 73 00 61 00 5a 00 7a 00 6c 00 54 00 D.M.s.a.Z.z.l.T. 08f0 69 00 4d 00 43 00 32 00 6d 00 63 00 4a 00 68 00 i.M.C.2.m.c.J.h. 0900 4e 00 63 00 65 00 63 00 67 00 6b 00 35 00 31 00 N.c.e.c.g.k.5.1. 0910 6d 00 0d 00 0a 00 4e 00 71 00 79 00 73 00 31 00 m.....N.q.y.s.1. 0920 46 00 61 00 59 00 64 00 50 00 36 00 64 00 36 00 F.a.Y.d.P.6.d.6. 0930 34 00 44 00 63 00 39 00 30 00 42 00 69 00 68 00 4.D.c.9.0.B.i.h. 0940 54 00 49 00 71 00 72 00 79 00 54 00 66 00 35 00 T.I.q.r.y.T.f.5. 0950 6c 00 5a 00 71 00 33 00 6f 00 6e 00 7a 00 33 00 l.Z.q.3.o.n.z.3. 0960 62 00 4b 00 68 00 34 00 6a 00 37 00 62 00 79 00 b.K.h.4.j.7.b.y. 0970 52 00 65 00 37 00 46 00 46 00 36 00 4a 00 4a 00 R.e.7.F.F.6.J.J. 0980 74 00 5a 00 69 00 58 00 41 00 45 00 4b 00 38 00 t.Z.i.X.A.E.K.8. 0990 66 00 49 00 7a 00 0d 00 0a 00 32 00 38 00 55 00 f.I.z.....2.8.U. 09a0 7a 00 70 00 67 00 46 00 6c 00 4a 00 7a 00 6e 00 z.p.g.F.l.J.z.n. 09b0 51 00 79 00 73 00 57 00 76 00 46 00 77 00 37 00 Q.y.s.W.v.F.w.7. 09c0 44 00 4a 00 50 00 64 00 64 00 41 00 4b 00 4c 00 D.J.P.d.d.A.K.L. 09d0 48 00 53 00 35 00 71 00 58 00 44 00 6d 00 55 00 H.S.5.q.X.D.m.U. 09e0 46 00 61 00 7a 00 47 00 4f 00 6d 00 35 00 31 00 F.a.z.G.O.m.5.1. 09f0 33 00 6e 00 2b 00 38 00 34 00 48 00 44 00 36 00 3.n.+.8.4.H.D.6. 0a00 62 00 6f 00 46 00 77 00 77 00 4e 00 61 00 72 00 b.o.F.w.w.N.a.r. 0a10 78 00 7a 00 5a 00 62 00 71 00 0d 00 0a 00 4d 00 x.z.Z.b.q.....M. 0a20 46 00 68 00 5a 00 46 00 49 00 49 00 35 00 2f 00 F.h.Z.F.I.I.5./. 0a30 43 00 73 00 75 00 57 00 35 00 4a 00 55 00 51 00 C.s.u.W.5.J.U.Q. 0a40 54 00 73 00 39 00 33 00 49 00 59 00 79 00 73 00 T.s.9.3.I.Y.y.s. 0a50 32 00 61 00 37 00 36 00 39 00 47 00 4d 00 63 00 2.a.7.6.9.G.M.c. 0a60 57 00 37 00 36 00 50 00 6c 00 75 00 4e 00 30 00 W.7.6.P.l.u.N.0. 0a70 6d 00 34 00 67 00 34 00 48 00 74 00 69 00 31 00 m.4.g.4.H.t.i.1. 0a80 54 00 52 00 45 00 70 00 73 00 42 00 47 00 39 00 T.R.E.p.s.B.G.9. 0a90 59 00 57 00 68 00 57 00 62 00 71 00 30 00 0d 00 Y.W.h.W.b.q.0... 0aa0 0a 00 68 00 32 00 77 00 4f 00 5a 00 45 00 78 00 ..h.2.w.O.Z.E.x. 0ab0 31 00 4d 00 4c 00 50 00 78 00 48 00 5a 00 68 00 1.M.L.P.x.H.Z.h. 0ac0 63 00 6d 00 68 00 44 00 7a 00 6c 00 38 00 43 00 c.m.h.D.z.l.8.C. 0ad0 75 00 7a 00 4b 00 75 00 57 00 6f 00 53 00 56 00 u.z.K.u.W.o.S.V. 0ae0 6f 00 63 00 6f 00 43 00 4f 00 56 00 79 00 69 00 o.c.o.C.O.V.y.i. 0af0 6c 00 36 00 66 00 31 00 58 00 4a 00 6a 00 54 00 l.6.f.1.X.J.j.T. 0b00 58 00 32 00 67 00 62 00 32 00 69 00 50 00 53 00 X.2.g.b.2.i.P.S. 0b10 57 00 6f 00 7a 00 6e 00 48 00 32 00 37 00 56 00 W.o.z.n.H.2.7.V. 0b20 30 00 0d 00 0a 00 48 00 59 00 30 00 74 00 73 00 0.....H.Y.0.t.s. 0b30 33 00 49 00 76 00 64 00 64 00 4c 00 74 00 6a 00 3.I.v.d.d.L.t.j. 0b40 2b 00 7a 00 59 00 33 00 66 00 47 00 34 00 77 00 +.z.Y.3.f.G.4.w. 0b50 45 00 2f 00 42 00 0d 00 0a 00 0d 00 0a 00 2d 00 E./.B.........-. 0b60 2d 00 2d 00 2d 00 2d 00 45 00 4e 00 44 00 20 00 -.-.-.-.E.N.D. . 0b70 4e 00 45 00 57 00 20 00 43 00 45 00 52 00 54 00 N.E.W. .C.E.R.T. 0b80 49 00 46 00 49 00 43 00 41 00 54 00 45 00 20 00 I.F.I.C.A.T.E. . 0b90 52 00 45 00 51 00 55 00 45 00 53 00 54 00 2d 00 R.E.Q.U.E.S.T.-. 0ba0 2d 00 2d 00 2d 00 2d 00 0d 00 0a 00 -.-.-.-..... CertUtil: -dump command completed successfully. I then ran the same command on certreq1.req file which has ANSI Encoding. Notice the output here, proper English, you can see it is a new certificate request. C:\WINDOWS\system32>certutil -dump certreq2.req PKCS10 Certificate Request: Version: 1 Subject: C=US S=TX L=Dallas O=Contoso OU=Org Unit CN=amire14 Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 a0 f0 c0 8f ae 6e cf 0010 0c 00 8c c0 99 86 c3 b1 ab 02 52 74 93 96 68 b0 0020 0c 70 94 f7 d0 e8 db c7 97 75 67 df 33 82 ce d7 0030 e0 43 54 de 7b 94 58 16 ca 6d c7 a7 83 d9 55 e8 0040 05 76 4c 9c 24 6e ff 9d da 2b e1 77 69 cb d8 f8 0050 a6 b7 fa 63 ad ac 2b 24 8e e3 29 ee cd 17 8d ae 0060 6d d1 6a 18 b3 dc 1e 9b 1c 69 a4 91 f4 cc 3f 3a 0070 ba f2 a1 e2 21 32 0d 14 43 50 4d 7e 32 45 a2 d0 0080 b2 ce fd be 46 01 b3 61 be b4 2c 5b d2 5d 87 80 0090 59 3f 45 1a 05 61 c6 c8 f8 e4 35 80 ef be f2 1a 00a0 47 96 1c a9 84 ee a0 fe 9e fd 64 ea 5a 12 58 76 00b0 51 00 8a bb cc 14 f6 a6 4e 8f 7e 2c a1 b5 7a d3 00c0 59 13 05 89 25 82 40 45 6b d5 77 dc af 60 ec 47 00d0 08 dd 37 d0 ba 4f 38 7f f2 f2 ca 2c 81 09 1d 17 00e0 9c 1a 61 38 bf f0 bc 26 28 9f cb 8c ba f1 f2 76 00f0 c1 f5 01 79 f0 9a 1b 40 6e c4 a2 1c 50 b9 32 cf 0100 ab ff a0 ba e5 26 85 c6 41 02 03 01 00 01 Request Attributes: 4 4 attributes: Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version) Value[0][0]: 6.1.7600.2 Attribute[1]: 1.3.6.1.4.1.311.21.20 (Client Information) Value[1][0]: Unknown Attribute type Client Id: = 5 User: BIYA\AMIRE14$ Machine: AMIRE14.biya.com Process: Microsoft.Exchange.ServiceHost.exe Attribute[2]: 1.2.840.113549.1.9.14 (Certificate Extensions) Value[2][0]: Unknown Attribute type Certificate Extensions: 4 2.5.29.15: Flags = 1(Critical), Length = 4 Key Usage Digital Signature, Key Encipherment (a0) 2.5.29.17: Flags = 0, Length = 15 Subject Alternative Name DNS Name=amire2k7 DNS Name=amire14 2.5.29.19: Flags = 1(Critical), Length = 2 Basic Constraints Subject Type=End Entity Path Length Constraint=None 2.5.29.14: Flags = 0, Length = 16 Subject Key Identifier da 81 2d 56 46 df 58 b6 20 9b e1 38 c6 aa d3 28 0e e0 4d 9d Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP) Value[3][0]: Unknown Attribute type CSP Provider Info KeySpec = 1 Provider = Microsoft RSA SChannel Cryptographic Provider Signature: UnusedBits=0 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 c1 4f c0 b8 f1 dd d8 ec 8f ed d2 75 2f 72 b3 2d 0010 8d 1d 74 b5 db c7 39 a3 96 f4 88 f6 06 da d7 34 0020 26 57 fd e9 a5 28 57 8e 80 72 68 25 a1 96 ab cc 0030 ae c0 97 f3 10 9a 5c 98 1d f1 b3 30 75 4c 64 0e 0040 6c 87 b4 ba 59 a1 85 f5 46 c0 a6 44 34 d5 62 7b 0050 e0 20 6e d2 8d 5b 3e fa 6e 71 8c d1 eb bb 66 b3 0060 32 86 dc 3d 3b 41 54 92 5b 2e 2b fc 39 82 14 59 0070 58 30 ea 96 cd f1 aa 35 30 5c a0 9b 3e 1c 38 ef 0080 9f 77 9d 9b 8e 31 6b 05 65 0e 97 9a 4b c7 a2 00 0090 5d f7 24 c3 0e 17 af c5 ca d0 39 27 65 01 a6 33 00a0 c5 db 33 f2 f1 0a 01 5c 62 d6 26 89 5e 14 bb 17 00b0 c9 db 3e e2 a1 b2 dd f3 89 de 6a 56 e6 df 24 af 00c0 2a 32 85 62 40 f7 dc 80 eb 9d fe 74 98 56 d4 ac 00d0 ac 36 66 9d 93 20 e7 71 4d 98 70 a6 2d 30 e2 54 00e0 ce 99 c6 32 03 79 b4 08 c0 bf f4 0a 84 4d 93 aa 00f0 34 d4 04 aa d0 68 1a 21 f9 d4 0e 1a e1 24 a3 98 Signature matches Public Key Key Id Hash(sha1): b5 77 f3 3f 58 8a c9 4e 61 9b 18 68 fd 8e ee 0c fc c5 5a 90 Subject Key Id (precomputed): da 81 2d 56 46 df 58 b6 20 9b e1 38 c6 aa d3 28 0e e0 4d 9d CertUtil: -dump command completed successfully. So that's another way to quickly find out if your certreq.req file is saved in ANSI or Unicode encoding. Of course, the one in Unicode will not work with Windows CA & the one in ANSI will work fine with it. I also asked around about this issue & a dev from Windows CA team said the CA admin snap-in (i.e. right click on CA's name node | All Tasks | Submit new request), creates a process to execute certreq –submit. It does not collect the output or report any error that certreq.exe might return; it simply kicks off the process. certreq –submit will handle ANSI Base64 text with and without PEM headers, as well as Binary – but it does not handle Unicode at this moment. Starting with Windows Vista in many other contexts, we do support Unicode Base 64 text files with and without a byte-order-mark (BOM), as well as big-endian Unicode with a big-endian BOM (such as when certutil dumps requests). certreq –submit will report an invalid data error when told to submit request from a Unicode Base64 text file. HTH! Sr. Program Manager, Product Quality, Exchange Client Access Server
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2011 5:21pm

I was playing with dcom, security, activation, registry, cert service and who knows what, till I find this post from you. thank you, it worked. i was stuck when creating new selfsigned cert for exchange2010, and this solved it.
January 16th, 2012 7:19am

Hi, I installed a Certification Authority on a Windows Server 2008 R2 domain member to secure Exchange 2010 "Outlook Web App" with SSL. I created the Certificate Request (cert.req) from the EMC "Exchange Certificates" screen, but when I use the "submit new request" function of the CA MMC, nothing happens, no error message, nothing. Any ideas ? - ThePro Hi ! - i had the same problem, Certificate for Exchange actually issuing automaticaly, ( once i installed Cert Service ) but it appeared in the list later? Possible reason is Group Policy ( where you can set up Auto enrollment )
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2012 1:14am

I wrote an article that describes issue source and resolution steps: You cannot submit a certificate request generated by Exchange Management Console (EMC) or Exchange Management Shell (EMS) to Microsoft Certificate ServicesMy weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
May 16th, 2012 1:51am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics