Exchange 2010 Certificate Wizard request wont complete with Certificate Services

Exchange 2010 includes a certificate wizard to help you generate a certificate request without having to manually type each of the fields and make your own requests in the certificates MMC. Unfortunately you then cannot complete the request using the Microsoft certification authority as you get an error message. Normally this error is along the likes of “Bad TAG” or “Certificate not issued (Incomplete)”

Credits to Laurance at Dell for the solution to this particular error which turned out to be that the CSR generated by Exchange 2010 is in Unicode format and certificate services is expecting it to be in ANSI. Simply open the request file in notepad and save it in ANSI file format. Make sure to surround the entire file name in quotes to preserve the file extension and change the file name from the original.

 

Now you will get a new error because exchange hasn’t included a certificate template along with the request and certificate services needs to know which template to use. Open a CMD window (as admin or you will get another error) and type in the following: certreq -attrib “CertificateTemplate:WebServer” you should then be prompted to browse for your request file and if all is well for a place to save the completed certificate. Then you can use this certificate file to complete the pending request with the exchange 2010 certificate wizard.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.