Hello @jetmicll2020 ,
Thank you for posting here.
Based on the description, we have two questions.
For the first question, we can see the expiration is not correct.
Based on my knowledge, the issued certificate validity period depends upon least value of below.
(1)The remaining lifetime of the root CA server
(2)The value specified in the certificate template
(3)The value specified in the CA server registry (default is 2 years)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>\ValidityPeriodUnits
Maybe the validity period of your cert takes the value of ValidityPeriodUnits in registry, so we can check the three values.
For the second question, the private key can not be expoted.
We need to check the the option "Allow private key to be exported" in the certificate template and check the option "Make the private key exportable" during generating CSR file as below.
At last, we can follow the steps in the similar case to enroll a certificate.
Unable to sign CSR with Microsoft Windows CA
https://learn.microsoft.com/en-us/answers/questions/89382/unable-to-sign-csr-with-microsoft-windows-ca.html
Hope the information above is helpful. If anything is unclear, please feel free to let us know.
Best Regards,
Daisy Zhou