After further testing, it would seem that signing a PKCS#10 request is not possible that way...
When directly using
I don't mind invoking
Is there any way to use the "This number of authorized signatures" certificate template option with both CMC and PKCS#10 requests?
Or maybe it is possible to convert PKCS#10 to CMC (without knowledge of the private key)?
I will directly ask Microsoft but I have a feeling you will have a better answer than they will :)
Thank you.
When directly using
certreq -sign, I have the same error as above with a PKCS#10 request whereas all works fine with a CMC request (and several forums seem to confirm this behavior).I don't mind invoking
certreq -sign directly from my script (is is fully automatable) but unfortunately I cannot ensure all my requests are in CMC format (most of them are not currently and our users would be completely lost if we suddenly ask them to generate CMC requests only...).Is there any way to use the "This number of authorized signatures" certificate template option with both CMC and PKCS#10 requests?
Or maybe it is possible to convert PKCS#10 to CMC (without knowledge of the private key)?
I will directly ask Microsoft but I have a feeling you will have a better answer than they will :)
Thank you.