Requesting X509 cert from Microsoft Certificate Services using ICertRequest

0

My application was recently changed to use client-server model.

Now I need to be able to request a certificate from a remote server rather than the one on a local network. ICertRequest specifies that it can accept:

HTTPS URL for an enrollment server or in the form ComputerName/CAName

The latter was used before without any issues, but now I want it to use HTTPS and I am not sure what to use as a URL. I am able to access the web page via:

https://example.com/certsrv

But if I use this string as strConfig of the ICertRequest it comes up with:

System.Runtime.InteropServices.COMException: 'CCertRequest::Submit: The input data was not in the expected format or did not have the expected value. 0x803d0000 (-2143485952)'

The request wasn't otherwise changed in any way, so I expect it's related to the URL. I also tried https://example.com/certsrv/certrqus.asp without any luck.

c#
x509certificate
x509
asked on Stack Overflow Aug 27, 2018 by AnKing • edited Aug 27, 2018 by AnKing

1 Answer

0

There are two web features in Microsoft ADCS:

  1. Legacy enrollment web pages (which you are trying to use).
  2. Enrollment Web Services that use HTTP/SOAP transport.

HTTPS URL for an enrollment server

The message refers to the latter URI. You may need to set up enrollment web services on the server side (where the CA resides) and use the exposed endpoints to communicate with the CA. The web services consist of two services: policy and enrollment.

Policy communication:

client <---HTTP/SOAP---> XCEP <---RPC/DCOM---> Policy Storage

The client first communicates with XCEP to load enrollment policies and certificate enrollment policy endpoints. There is no direct communication with the CA; XCEP just stores policies, the certificate templates available to the client, and URIs to the enrollment web services.

client <---HTTP/SOAP---> WSTEP <---RPC/DCOM---> MS ADCS

The policy (obtained in the first step) contains URIs to the enrollment services registered with the policy provider (XCEP server). The client uses one or more of these endpoints to perform certificate enrollment tasks.

Ref: Certificate Enrollment Web Services in Active Directory Certificate Services

answered on Stack Overflow Aug 27, 2018 by Crypt32
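An added example (not code from the question or the answer) showing how the two strConfig forms are used with ICertRequest3 from the CertCli type library: a DCOM "ComputerName\CAName" string, or the HTTPS URI of a Certificate Enrollment Web Service endpoint obtained from the enrollment policy. It assumes the generated interop names CCertRequest, ICertRequest3 and X509EnrollmentAuthFlags, and treats the 0x803D0000 HRESULT from the question (WS_E_INVALID_FORMAT) as the sign that the URI was not a CES endpoint.

```csharp
using System;
using System.Runtime.InteropServices;
using CERTCLILib; // COM reference to certcli.dll (CertCli 1.0 Type Library)

// Submits a base64 PKCS#10 request through ICertRequest3 and returns the
// issued certificate (base64 with header) or null if it is pending approval.
// strConfig is either "ComputerName\CAName" (DCOM) or the HTTPS URI of a
// Certificate Enrollment Web Service endpoint taken from the CEP policy.
static class AdcsEnroll
{
    // Flags and disposition codes from certcli.h
    const int CR_IN_BASE64 = 0x1;
    const int CR_IN_PKCS10 = 0x100;
    const int CR_OUT_BASE64HEADER = 0x0;
    const int CR_DISP_ISSUED = 3;
    const int CR_DISP_UNDER_SUBMISSION = 5;
    const uint WS_E_INVALID_FORMAT = 0x803D0000; // the HRESULT seen in the question

    public static string Submit(string base64Pkcs10, string strConfig)
    {
        ICertRequest3 req = new CCertRequest(); // interop coclass name assumed
        bool viaWebService = strConfig.StartsWith("https://", StringComparison.OrdinalIgnoreCase);
        if (viaWebService)
        {
            // CES path: authenticate with the caller's Kerberos identity. A URI that
            // is not a CES endpoint (e.g. /certsrv) is rejected with WS_E_INVALID_FORMAT.
            req.SetCredential(0, X509EnrollmentAuthFlags.X509AuthKerberos, null, null);
        }
        int disposition;
        try
        {
            disposition = req.Submit(CR_IN_BASE64 | CR_IN_PKCS10, base64Pkcs10, "", strConfig);
        }
        catch (COMException ex) when (viaWebService && (uint)ex.ErrorCode == WS_E_INVALID_FORMAT)
        {
            throw new ArgumentException(
                "strConfig must be a CES endpoint URI from the enrollment policy, not the certsrv pages", ex);
        }
        switch (disposition)
        {
            case CR_DISP_ISSUED:
                return req.GetCertificate(CR_OUT_BASE64HEADER);
            case CR_DISP_UNDER_SUBMISSION:
                return null; // pending CA manager approval; poll with RetrievePending later
            default:
                throw new InvalidOperationException(
                    "Request not issued: " + req.GetDispositionMessage());
        }
    }
}
```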

User contributions licensed under CC BY-SA 3.0