Hello,
we are trying to create a certificate which we can use for the PowerShell commands Protect-CmsMessage/Unprotect-CmsMessage (see https://technet.microsoft.com/en-us/library/dn807171.aspx). The description of the commands (see link) describes the usage of certreq.exe to create aself signed (!!!) certificate with the appropriate key and enhanced key usages. We do not want to create a self signed certificate but want to use our internal CA. Unfortunately we are not able to create an equivalent certificate with the Certificate Services. One of our attempts was to copy a certificate template and modify it to match the criteria. All of our created certificates does not match the template properties created with certreq.exe as described in the documentation of Protect-CmsMessage.
Best regards from Germany,
Tobias