Is it possible to make a Windows Server Certificate Authority accept a PKCS10 certificate request that is unsigned? I get the following error
Error Verifying Request Signature or Signing Certificate The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED). I would like for the CA to skip the signature check and just accept the request.
No, Microsoft ADCS does not support requests without a single trusted signature. That is, the request must be signed directly (signature is created by requester) or by external signers. In this case, a PKCS#10 request must be embedded in PKCS#7/CMC request and signed with authorized signing certificate.
With CertEnroll you can utilize IX509CertificateRequestCmc COM interface:
IX509CertificateRequestCmcinterface by using
IX509CertificateRequestCmc::SignerCertificatesto provide external signer information (certificate)
IX509Enrollment::CreateRequestto sign and create signed request.
By the end, you will get a signed CMC request with embedded unsigned PKCS#10 request and which you can submit to CA server.
User contributions licensed under CC BY-SA 3.0