Can't create a custom CSR using mmc and certificates snap-in on Windows 10

Hank Cohen 0 Reputation points
2023-08-06T15:34:57.12+00:00

I am trying to generate a custom CSR using the certificates snap-in for mmc on Windows 10. The certificate I want to create is a client authentication cert using ECC. However, I have run into a persistent issue that is preventing me from generating the CSR. No matter the content of the request if I use (No template) CNG key I get the error "One of more of the object's properties are missing or invalid", and the private key generation dialog is completely insensitive. So no CSR is generated.

On the other hand, if I choose (No template) Legacy Key. Then no problem but the Legacy providers don't do ECC and their protection for private keys is weaker.

I suspect that this is not a problem with the certificates snap-in but rather with the underlying certificate infrastructure for Active Directory. In researching the problem I found articles that seem to indicate that some changes were made to the certificate infrastructure of Windows Server. These links are not directly relevant to my issue but they may provide hints to someone more familiar with Windows than I. https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/cng-templates-not-appear-certificate-web-enrollment https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/ca-cant-use-certificate-template https://learn.microsoft.com/en-us/microsoft-identity-manager/certificate-manager-for-software-certificates

Here are some screenshots

dff2041c-9fa7-475e-95db-b3bcd3d705bf

dca52e44-0d5a-4dc6-a902-ab5352b144d1

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,054 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,141 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,817 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Limitless Technology 44,096 Reputation points
    2023-08-07T09:57:34.2333333+00:00

    Hello

    Thank you for your question and reaching out.

    I believe that the underlying Active Directory certificate infrastructure, rather than the certificates snap-in, is the issue here. I've never made a certificate request using the graphical user interface. I always use a template file with certreq that contains all the details. You might want to look into that. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certreq_1 --If the reply is helpful, please Upvote and Accept as answer--


  2. PKI404 0 Reputation points
    2024-06-09T17:00:30.6833333+00:00

    Hi,

    I was able to resolve this error, please check the youtube video for step by step resolution.

    https://www.youtube.com/watch?v=HZY7tjvLSh0&ab_channel=PKI404

    0 comments No comments

  3. PKI404 0 Reputation points
    2024-06-10T05:24:29.1666667+00:00

    Hi,

    I was able to resolve this error ( One or More of the Object's Properties Are Missing or Invalid), please check the you tube video for step by step resolution.

    https://www.youtube.com/watch?v=HZY7tjvLSh0&ab_channel=PKI404

    0 comments No comments