I have a small test network that includes Win2k8 R2 machines, an Enterprise CA server and an Exchange 2010 SP1 RU1 CAS server. I would like to issue a certificate for Exchange from the CA.
As the first step, I created the certificate request, which (according to OpenSSL) contains the following info:
    C:\OpenSSL\bin>openssl req -in e.req -noout -text
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: CN=mail.mnet.com, OU=IT, O=MNet, L=Budapest, ST=Budapest, C=HU
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (2048 bit)
                    ...snip...
                    Exponent: 65537 (0x10001)
            Attributes:
                1.3.6.1.4.1.311.13.2.3 :6.1.7600.2
                1.3.6.1.4.1.311.21.20 :unable to print attribute
                1.3.6.1.4.1.311.13.2.2 :unable to print attribute
            Requested Extensions:
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Subject Alternative Name:
                    DNS:cas.int.mnet.com, DNS:mail.mnet.com, DNS:autodiscover.mnet.com, DNS:pop.int.mnet.com, DNS:imap.int.mnet.com
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Subject Key Identifier:
                    F0:7E:53:47:BE:04:0F:5C:78:FD:63:8C:D6:5C:BC:0D:45:A3:4F:48
        Signature Algorithm: sha1WithRSAEncryption
            ...snip...
As the second step, I would like to submit this request to the CA, but I get the following message:
The request contains no certificate information. Denied by Policy Module 0x80094801, The request does not contain a certificate template extension of the CertificateTemplate request attribute.
What would be the best way to get this working?
How should I generate the same request from Exchange to include the info on which certificate to use?
How should I convince the CA to issue the certificate, even if the request doesn't match a certificate template?
(I'm actually interested in the answer to all three questions to learn more about both Exchange and the CA services.)
Please use the wizard that Exchange 2010 so helpfully provides for you - it's much easier.
It's in the Exchange Management Console under Server Configuration. In the Action Pane, choose the New Exchange Certificate wizard.
Fill in the required info, submit the generated file to your Enterprise CA using the Web Server template, then import the generated certificate back into Exchange using the wizard.
You might find this video helpful.
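The same three steps from the Exchange Management Shell, as an added example that is not part of the original answer. It names the template in a request attribute at submission time, which is the piece the 0x80094801 denial says is missing. The file paths and the list of enabled services are assumptions; the subject and SAN names are taken from the request shown in the question.

```powershell
# Run in the Exchange Management Shell on the CAS server.
# Assumed for this example: the C:\Temp paths and the services enabled in step 3.
$reqPath = 'C:\Temp\e.req'
$cerPath = 'C:\Temp\e.cer'

# 1. Generate the request. Subject and SANs match the request in the question.
#    The private key stays on this server; only the request leaves it.
$request = New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'C=HU, S=Budapest, L=Budapest, O=MNet, OU=IT, CN=mail.mnet.com' `
    -DomainName 'mail.mnet.com', 'cas.int.mnet.com', 'autodiscover.mnet.com',
                'pop.int.mnet.com', 'imap.int.mnet.com' `
    -KeySize 2048 `
    -PrivateKeyExportable $true
Set-Content -Path $reqPath -Value $request

# 2. Submit to the Enterprise CA. An Exchange-generated request carries no
#    template extension, so the template is supplied as a request attribute.
#    The attribute takes the template name (WebServer), not its display name
#    ("Web Server"). Without -config, certreq asks which CA to use.
certreq.exe -submit -attrib 'CertificateTemplate:WebServer' $reqPath $cerPath
if ($LASTEXITCODE -ne 0) {
    throw "certreq -submit failed with exit code $LASTEXITCODE"
}

# 3. Import the issued certificate so it pairs with the pending private key,
#    then bind it to the client-facing services.
$certBytes = [Byte[]](Get-Content -Path $cerPath -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -FileData $certBytes |
    Enable-ExchangeCertificate -Services IIS, POP, IMAP

# Confirm the SANs and service bindings on the new certificate.
Get-ExchangeCertificate |
    Where-Object { $_.Subject -like '*CN=mail.mnet.com*' } |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
```

The submitting account needs Enroll permission on the Web Server template, and the template must be published on the CA; otherwise the request is denied at step 2 for a different reason.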