According to this:
http://support.microsoft.com/kb/321051
it should be really simple.
But somehow it does not work. Non-AD-joined Server 2003 R2 SP2. Needed a computer certificate with an exportable private key. Could not use IE8 to request a certificate from AD CS, as this would just error out:
Message: 'g_certEnrollLoadError' is undefined
Did not want/need IIS on this server, so the only other option for a certificate request is certreq.exe.
Specifically included Exportable = TRUE in the inf file.
Request gets created, AD CS can process it, certificate is issued, but the private key is NOT exportable (of course the template used DOES have the option ticked).
Eventually had to join this machine to AD & run the Windows Server 2003 Certificate Request Wizard from mmc.
Same template was used (after adjusting only Subject Name Build from AD...).
The wizard's export private key option was selected & this issued certificate DID have the private key exportable.
So why did certreq not work?
Seb