Microsoft Exchange 2010 annoyance: certificate wizard incompatible with certificate services

I’ve used the holiday break to do some testing on Exchange 2010. I have a virtual network which includes a machine running Microsoft’s Certificate Services. The wizard generates a .req file which you can submit to a certification authority. In my case I submitted to my own certificate server using the certreq command. Here’s what you get:


The error message is “Certificate not issued (Incomplete)”

Kudos to Vadims Podans on the Network Steve Forum who has the answer. The Exchange 2010 wizard creates the request in a Unicode file. Certificate Services only understands ANSI. You have to open the request file in Notepad and then Save As specifying ANSI encoding. Then it works.

Actually it doesn’t work, but you get a more intelligible error. When you submit the request using certreq you have to specify a template by adding the argument:

-attrib "CertificateTemplate:WebServer"

Podans has that information too.
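
The two fixes above (re-save the request as ANSI, then submit with a template attribute) combined in one script. This is an added PowerShell example, not code from the original post or from Podans; the file name exchange.req and the no-BOM detection heuristic are assumptions. It leaves the wizard's file untouched and writes a converted copy beside it.

```powershell
# Added example. exchange.req is a placeholder for the file the wizard saved.
param(
    [string]$RequestPath = '.\exchange.req',
    [string]$Template    = 'WebServer'   # template name given in the post
)

# Classify the file by its byte-order mark. The no-BOM branch is a heuristic
# (assumption): ASCII text stored as UTF-16LE has 0x00 in every second byte.
function Get-RequestEncoding([byte[]]$b) {
    if ($b.Length -ge 3 -and $b[0] -eq 0xEF -and $b[1] -eq 0xBB -and $b[2] -eq 0xBF) {
        return [System.Text.Encoding]::UTF8
    }
    if ($b.Length -ge 2 -and $b[0] -eq 0xFF -and $b[1] -eq 0xFE) {
        return [System.Text.Encoding]::Unicode
    }
    if ($b.Length -ge 2 -and $b[0] -eq 0xFE -and $b[1] -eq 0xFF) {
        return [System.Text.Encoding]::BigEndianUnicode
    }
    if ($b.Length -ge 4 -and $b[1] -eq 0 -and $b[3] -eq 0) {
        return [System.Text.Encoding]::Unicode
    }
    return $null   # no BOM, no interleaved NULs: already single-byte text
}

$full     = (Resolve-Path -LiteralPath $RequestPath).Path
$bytes    = [System.IO.File]::ReadAllBytes($full)
$enc      = Get-RequestEncoding $bytes
$toSubmit = $full

if ($enc) {
    # Decode, then drop the BOM character that GetString leaves in place.
    $text = $enc.GetString($bytes).TrimStart([char]0xFEFF)
    # A Base64 request is pure ASCII, so anything else means the file is not
    # what we expect and a lossy conversion would corrupt it.
    if ($text -match '[^\x00-\x7F]') {
        throw "Non-ASCII characters in $full; not converting."
    }
    $toSubmit = [System.IO.Path]::ChangeExtension($full, '.ansi.req')
    [System.IO.File]::WriteAllText($toSubmit, $text, [System.Text.Encoding]::ASCII)
    Write-Host "Re-encoded $($enc.WebName) request to $toSubmit"
}

# Submit with the template attribute from the post.
& certreq.exe -submit -attrib "CertificateTemplate:$Template" $toSubmit
if ($LASTEXITCODE -ne 0) { throw "certreq exited with code $LASTEXITCODE" }
```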

I realise that the majority of Exchange admins submit certificate requests to commercial authorities rather than internal ones. Still, you would hope that a Microsoft certificate wizard would be compatible with Microsoft’s own certificate server, at least if you check the right box.

