Submit unsigned pkcs10 to windows certificate authority

0

Is it possible to make a Windows Server Certificate Authority accept a PKCS10 certificate request that is unsigned? I get the following error:

Error Verifying Request Signature or Signing Certificate
The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)

I would like for the CA to skip the signature check and just accept the request.

windows
windows-server-2012-r2
windows-server-2012
certificate-authority
ad-certificate-services
asked on Server Fault May 18, 2018 by Ivan Stanev

1 Answer

0

No, Microsoft ADCS does not support requests without a single trusted signature. That is, the request must be signed directly (the signature is created by the requester) or by external signers. In this case, a PKCS#10 request must be embedded in a PKCS#7/CMC request and signed with an authorized signing certificate.

With CertEnroll you can utilize the IX509CertificateRequestCmc COM interface:

  1. load the existing unsigned request into the IX509CertificateRequestPkcs10 interface
  2. load the PKCS10 request into the IX509CertificateRequestCmc interface by using the InitializeFromInnerRequestTemplateName method
  3. use IX509CertificateRequestCmc::SignerCertificates to provide the external signer information (certificate)
  4. load the CMC request into the IX509Enrollment interface
  5. call IX509Enrollment::CreateRequest to sign and create the signed request.

In the end, you will get a signed CMC request with the unsigned PKCS#10 request embedded, which you can submit to the CA server.

answered on Server Fault May 18, 2018 by Crypt32
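The five steps above, carried through in PowerShell against the CertEnroll and certcli COM objects, as an added example that is not part of the answer or the question. The file path, signer thumbprint, template name, CA config string and output path are hypothetical placeholders. It assumes the signer certificate sits in the current user's personal store with a usable private key and is one the CA is willing to accept as an external signer (in practice an enrollment agent certificate); the numeric constants are the values from certenroll.h and certcli.h, and the final submission uses ICertRequest2::Submit so the CA's disposition is checked rather than assumed.

```powershell
<#
  Added example (not from the original post): wrap an existing unsigned
  PKCS#10 request in a CMC request, sign it with an external signer
  certificate, and submit the result to an ADCS CA.

  Hypothetical values, adjust for your environment:
    C:\req\unsigned.req                   the base64 PKCS#10 the CA rejected
    'CA01.corp.example\Corp Issuing CA'   CA config string (host\CA name)
    'WebServer'                           template the inner request targets
    signer thumbprint                     a cert in Cert:\CurrentUser\My with a
                                          private key that the CA accepts as an
                                          external signer (e.g. enrollment agent)
#>
param(
    [string]$RequestPath      = 'C:\req\unsigned.req',
    [string]$SignerThumbprint = '0123456789ABCDEF0123456789ABCDEF01234567',
    [string]$TemplateName     = 'WebServer',
    [string]$CAConfig         = 'CA01.corp.example\Corp Issuing CA',
    [string]$OutputPath       = 'C:\req\signed.cmc'
)

# Constants from certenroll.h / certcli.h
$XCN_CRYPT_STRING_BASE64     = 1   # base64 without PEM header
$XCN_CRYPT_STRING_BASE64_ANY = 6   # base64 with or without header
$VerifyNone                  = 0   # X509PrivateKeyVerify: do not probe the key
$CR_IN_BASE64                = 1   # Submit input encoding (format auto-detected)
$CR_OUT_BASE64               = 1   # GetCertificate output encoding
$CR_DISP_ISSUED              = 3
$CR_DISP_UNDER_SUBMISSION    = 5

# 1. load the existing unsigned request into IX509CertificateRequestPkcs10
$pkcs10 = New-Object -ComObject 'X509Enrollment.CX509CertificateRequestPkcs10'
$pkcs10.InitializeDecode((Get-Content -Path $RequestPath -Raw), $XCN_CRYPT_STRING_BASE64_ANY)

# 2. wrap it in a CMC request bound to the target template
$cmc = New-Object -ComObject 'X509Enrollment.CX509CertificateRequestCmc'
$cmc.InitializeFromInnerRequestTemplateName($pkcs10, $TemplateName)

# 3. attach the external signer through SignerCertificates
$signerCert = Get-Item -Path "Cert:\CurrentUser\My\$SignerThumbprint"
if (-not $signerCert.HasPrivateKey) {
    throw "Signer certificate $SignerThumbprint has no private key"
}
$signerB64 = [Convert]::ToBase64String($signerCert.RawData)
$signer = New-Object -ComObject 'X509Enrollment.CSignerCertificate'
# $false = current-user context, not the machine store
$signer.Initialize($false, $VerifyNone, $XCN_CRYPT_STRING_BASE64, $signerB64)
$cmc.SignerCertificates.Add($signer)

# 4./5. hand the CMC request to IX509Enrollment; CreateRequest produces the
# signed CMC blob with the still-unsigned PKCS#10 embedded in it
$enroll = New-Object -ComObject 'X509Enrollment.CX509Enrollment'
$enroll.InitializeFromRequest($cmc)
$signedCmc = $enroll.CreateRequest($XCN_CRYPT_STRING_BASE64)
Set-Content -Path $OutputPath -Value $signedCmc

# Submit to the CA and act on the disposition instead of assuming success
$req = New-Object -ComObject 'CertificateAuthority.Request'
$disposition = $req.Submit($CR_IN_BASE64, $signedCmc, '', $CAConfig)
switch ($disposition) {
    $CR_DISP_ISSUED {
        $req.GetCertificate($CR_OUT_BASE64) | Set-Content -Path ($OutputPath + '.cer')
        "Issued, request ID $($req.GetRequestId())"
    }
    $CR_DISP_UNDER_SUBMISSION {
        "Pending CA manager approval, request ID $($req.GetRequestId())"
    }
    default {
        throw "CA did not issue: $($req.GetDispositionMessage())"
    }
}
```

If the inner request does not need to be tied to a template, InitializeFromInnerRequest($pkcs10) is the template-less variant of step 2. The CA still validates the CMC signature and the signer's authorization, so a signer the CA does not trust for this purpose fails at Submit with a disposition message rather than silently; the signature check is moved, not skipped.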

User contributions licensed under CC BY-SA 3.0