We use third-party certificates from VeriSign for LDAPS (secure LDAP connections on port 636) on our Domain Controllers. I have installed them on 2003 and 2008 DCs before, but this is my first attempt at installing them on a 2008R2 DC.
I create the .inf file, DC01.inf, manually, as shown here (the subject line has been changed to keep my information private, obviously):
[Version]
Signature= "$Windows NT$"
[NewRequest]
Subject = "CN=DC01.domain.COM;OU=IT;O=Company;L=City;S=Province;C=CA"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
Once this file is created I run the command line: certreq -new DC01.inf DC01.req, which should create a new request file. It should also create a new Certificate Enrollment Request in the Certificates MMC snap-in. This is where it fails: the .req file is not created, nor is a new Certificate Enrollment Request created. I get the following errors in 2 separate pop-up screens, each with an OK button.
Error 1: The procedure entry point CADCSetCertTypePropertyEx could not be located in the dynamic link library certcli.dll.
Error 2: The specified procedure could not be found: 0x8007007f (WIN32/HTTP: 127) DC01.inf([NewRequest] Subject = "CN=DC01.domain.COM;OU=IT;O=Company;L=City;S=Province;C=CA")
I am using the same certadm.dll and certcli.dll files that I used for my 2008 LDAPS certificate installation. This is a new server, so I also registered both DLLs by issuing the "regsvr32 certadm.dll" and "regsvr32 certcli.dll" commands, both of which returned "DllRegisterServer in certadm.dll succeeded." windows.
Any ideas what is going on? Did something change in 2008R2?
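As an added example (not part of the question above, and not a Microsoft tool), the following Python script parses a certreq .inf request file and checks the [NewRequest] and [EnhancedKeyUsageExtension] settings against what an LDAPS certificate on a Domain Controller needs: the subject CN must be the DC's FQDN, the key must live in the machine store with KeySpec 1 so SChannel can use it, the key must be at least 2048 bits with digitalSignature and keyEncipherment usage, and the EKU must include Server Authentication. The posted DC01.inf is embedded as the sample input; the DC FQDN passed in, the function names and the rule set are the example's own assumptions. It is a pre-flight check on the INF itself and says nothing about the certcli.dll error, which is a DLL problem rather than an INF problem.

```python
"""Check a certreq .inf request file against LDAPS/DC requirements (added example)."""
import re

# The poster's DC01.inf, copied from the question as sample input.
SAMPLE_INF = """[Version]
Signature= "$Windows NT$"
[NewRequest]
Subject = "CN=DC01.domain.COM;OU=IT;O=Company;L=City;S=Province;C=CA"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
"""

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth, required for LDAPS
KU_DIGITAL_SIGNATURE = 0x80              # X.509 keyUsage bits as certreq encodes them
KU_KEY_ENCIPHERMENT = 0x20


def parse_inf(text):
    """Parse INF text into {section: [(key, value), ...]}.
    A list per section is used because [EnhancedKeyUsageExtension]
    legitimately repeats the OID key, which a dict would collapse."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            raise ValueError("unexpected line outside a section: %r" % raw)
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip().strip('"')))
    return sections


def first(section, key):
    """Return the first value for key (case-insensitive) or None."""
    for k, v in section:
        if k.lower() == key.lower():
            return v
    return None


def parse_subject(subject):
    """Split 'CN=a;OU=b' (certreq accepts ';' or ',' separators) into a dict."""
    rdns = {}
    for part in re.split(r"[;,]", subject):
        k, _, v = part.partition("=")
        if v:
            rdns[k.strip().upper()] = v.strip()
    return rdns


def check_ldaps_inf(text, dc_fqdn):
    """Return {'errors': [...], 'warnings': [...]} for an LDAPS request INF."""
    errors, warnings = [], []
    req = parse_inf(text).get("NewRequest", [])
    if not req:
        return {"errors": ["missing [NewRequest] section"], "warnings": []}

    cn = parse_subject(first(req, "Subject") or "").get("CN", "")
    if cn.lower() != dc_fqdn.lower():
        errors.append("Subject CN %r does not match DC FQDN %r" % (cn, dc_fqdn))
    if (first(req, "MachineKeySet") or "").upper() != "TRUE":
        errors.append("MachineKeySet must be TRUE so the key lands in the computer store")
    if first(req, "KeySpec") != "1":
        errors.append("KeySpec must be 1 (AT_KEYEXCHANGE) for SChannel")
    if (first(req, "UserProtected") or "FALSE").upper() == "TRUE":
        errors.append("UserProtected=TRUE would prompt a user; the LDAP service cannot answer it")
    key_len = int(first(req, "KeyLength") or 0)
    if key_len < 2048:
        errors.append("KeyLength %d is below 2048" % key_len)
    ku = int(first(req, "KeyUsage") or "0", 0)      # accepts the 0xa0 hex form
    if not (ku & KU_DIGITAL_SIGNATURE and ku & KU_KEY_ENCIPHERMENT):
        errors.append("KeyUsage 0x%x lacks digitalSignature and/or keyEncipherment" % ku)
    ekus = [v for k, v in parse_inf(text).get("EnhancedKeyUsageExtension", [])
            if k.upper() == "OID"]
    if SERVER_AUTH_OID not in ekus:
        errors.append("EKU lacks Server Authentication (%s)" % SERVER_AUTH_OID)
    if (first(req, "Exportable") or "").upper() == "TRUE":
        warnings.append("Exportable=TRUE: the DC's private key can be copied off the box; "
                        "use FALSE unless you must move the key")
    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    print(check_ldaps_inf(SAMPLE_INF, "dc01.domain.com"))
```

Run it with the INF text and the DC's FQDN before calling certreq -new; the posted INF passes every hard check and only draws the Exportable warning, which is a deliberate trade-off to flag rather than a defect.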