[Pki-users] Assistance with creating and submitting a Windows LDAPS Certificate; PKI 10.3.3

Richard Harmonson richard.harmonson at gmail.com
Tue Oct 17 21:21:41 UTC 2017


I created a certificate request using certreq.exe and the prerequisite
request.inf on a Windows Server 2012R2 DC; references and details are given
below.

However, I receive the error "Sorry, your request is not submitted. The
reason is "Invalid Request."" when attempting to submit it to my Root CA
using "Manual Server Certificate Enrollment".

Am I using the wrong template profile? Is there a template that supports
OID=1.3.6.1.5.5.7.3.1?


Currently using PKI/Dogtag 10.3, but I did update to 10.4, briefly, then
recovered from snap/backup to 10.3 for the error persisted with 10.4.


These are my primary references:

https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority

https://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx#BKMK_Certreq

Created the CSR by executing "certreq -new request.inf request.csr"

The request.inf follows:

========================================
[Version]

Signature="$Windows NT$"

[NewRequest]
Subject = "CN=ad.winauth.mydomain.net"
KeySpec = 1 ; AT_KEYEXCHANGE
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12 ; PROV_RSA_SCHANNEL
RequestType = PKCS10
KeyUsage = 0xa0 ; Digital Signature (0x80) + Key Encipherment (0x20)

[Extensions]
; 2.5.29.17 is the subjectAltName extension
2.5.29.17 =  "dns=ad.winauth.mydomain.net&"
_continue_ = "dn=CN=AD,OU=Domain Controllers,DC=winauth,DC=mydomain,DC=net&"
_continue_ = "ipaddress=192.168.1.1&"

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
========================================
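
A small linter for a certreq-style request.inf like the one above, as an added example that is not part of the original post: it flags unbalanced quotes and decodes the requested key usage, EKU and SAN values so they can be compared with what the CA enrollment profile allows. The function names and the sample host name and address are constructed for illustration.

```python
import re

# certreq KeyUsage bit values, as in X.509 keyUsage (0xa0 = 0x80 | 0x20)
KEY_USAGE_BITS = {0x80: "digitalSignature", 0x40: "nonRepudiation",
                  0x20: "keyEncipherment", 0x10: "dataEncipherment",
                  0x08: "keyAgreement", 0x04: "keyCertSign", 0x02: "cRLSign"}

def split_comment(line):
    # Cut a ';' comment outside double quotes; also report a quote left open.
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            return line[:i], False
    return line, in_quote

def parse_inf(text):
    # Returns ({section: [(key, value), ...]}, [problem strings]).
    sections, problems, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        body, open_quote = split_comment(raw)
        body = body.strip()
        if open_quote:
            problems.append(f"line {n}: unbalanced double quote")
        if re.fullmatch(r"\[.+\]", body):
            current = sections.setdefault(body[1:-1], [])
        elif "=" in body and current is not None:
            key, value = (p.strip() for p in body.split("=", 1))
            current.append((key, value.strip('"')))
        elif body:
            problems.append(f"line {n}: not a section header or key = value")
    return sections, problems

def summarize(text):
    sections, problems = parse_inf(text)
    mask = int(dict(sections.get("NewRequest", [])).get("KeyUsage", "0"), 0)
    san, in_san = [], False
    for key, value in sections.get("Extensions", []):
        # The SAN value may be split over following _continue_ lines.
        in_san = key == "2.5.29.17" or (in_san and key == "_continue_")
        if in_san and value != "{text}":
            san.append(value.rstrip("&"))
    return {"key_usage": [n for b, n in KEY_USAGE_BITS.items() if mask & b],
            "eku": [v for k, v in sections.get("EnhancedKeyUsageExtension", []) if k.upper() == "OID"],
            "san": san, "problems": problems}

# Constructed sample (hypothetical host name and address); line 2 lacks its closing quote.
SAMPLE_INF = ('[Version]\nSignature="$Windows NT$\n[NewRequest]\nKeyUsage = 0xa0\n'
              '[Extensions]\n2.5.29.17 = "dns=dc1.example.test&"\n'
              '_continue_ = "ipaddress=192.0.2.10&"\n'
              '[EnhancedKeyUsageExtension]\nOID=1.3.6.1.5.5.7.3.1 ; Server Authentication\n')

if __name__ == "__main__":
    print(summarize(SAMPLE_INF))
```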