Is it possible to make a Windows Server Certificate Authority accept a PKCS10 certificate request that is unsigned? I get the following error:

Error Verifying Request Signature or Signing Certificate The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)

I would like for the CA to skip the signature check and just accept the request.
No, Microsoft ADCS does not support requests without a single trusted signature. That is, the request must be signed directly (the signature is created by the requester) or by external signers. In this case, a PKCS#10 request must be embedded in a PKCS#7/CMC request and signed with an authorized signing certificate.
With CertEnroll you can utilize the IX509CertificateRequestCmc COM interface:

- IX509CertificateRequestPkcs10 interface
- IX509CertificateRequestCmc interface by using InitializeFromInnerRequestTemplateName method
- IX509CertificateRequestCmc::SignerCertificates to provide external signer information (certificate)
- IX509Enrollment interface
- IX509Enrollment::CreateRequest to sign and create signed request.

By the end, you will get a signed CMC request with an embedded unsigned PKCS#10 request, which you can submit to the CA server.
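The steps in the answer above, as an added PowerShell example that is not part of the original answer. It assumes the unsigned PKCS#10 is a Base64 file that CertEnroll can load with InitializeDecode and that the signing certificate sits in the current user's store; the parameter names, file paths and template name are hypothetical.

```powershell
# Added example (not from the original answer). All parameter values are supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $RequestPath,       # unsigned PKCS#10, Base64 with or without headers
    [Parameter(Mandatory)] [string] $SignerThumbprint,  # authorized signing certificate in CurrentUser\My
    [Parameter(Mandatory)] [string] $TemplateName,      # certificate template the CA should issue from
    [string] $OutPath = '.\signed-request.cmc.req'      # hypothetical output file
)

# CertEnroll constants used below
$XCN_CRYPT_STRING_BASE64     = 0x1   # Base64 without headers
$XCN_CRYPT_STRING_BASE64_ANY = 0x6   # Base64 with or without headers
$VerifyNone                  = 0     # X509PrivateKeyVerify: no private key verification

# The external signer must be present together with its private key.
$signerCert = Get-Item -Path "Cert:\CurrentUser\My\$SignerThumbprint" -ErrorAction Stop
if (-not $signerCert.HasPrivateKey) {
    throw "Signer certificate $SignerThumbprint has no private key in this store."
}

# 1. IX509CertificateRequestPkcs10: load the existing unsigned request (assumption: it decodes).
$pkcs10 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$pkcs10.InitializeDecode((Get-Content -Path $RequestPath -Raw), $XCN_CRYPT_STRING_BASE64_ANY)

# 2. IX509CertificateRequestCmc: wrap the PKCS#10 as the inner request.
$cmc = New-Object -ComObject X509Enrollment.CX509CertificateRequestCmc
$cmc.InitializeFromInnerRequestTemplateName($pkcs10, $TemplateName)

# 3. SignerCertificates: attach the external signer.
$signer = New-Object -ComObject X509Enrollment.CSignerCertificate
$signer.Initialize($false, $VerifyNone, $XCN_CRYPT_STRING_BASE64,
                   [Convert]::ToBase64String($signerCert.RawData))
$cmc.SignerCertificates.Add($signer)

# 4-5. IX509Enrollment: sign and encode the CMC request.
$enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$enroll.InitializeFromRequest($cmc)
$signedRequest = $enroll.CreateRequest($XCN_CRYPT_STRING_BASE64)

Set-Content -Path $OutPath -Value $signedRequest -Encoding Ascii
Write-Output "Signed CMC request written to $OutPath"
```

The resulting file can be submitted to the CA with `certreq -submit`.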