Windows 2008 CA - Unable to Issue Certificate : "The request subject name is invalid or too long"


When requesting a certificate via the browser, at the point you try to issue the certificate (via certsrv.msc) you receive the error:

Error Constructing or Publishing Certificate

When looking through the Events for Active Directoty Certificate Services you see the error:

Active Directory Certificate Services denied request 8 because The request subject name is invalid or too long. 0x80094001 (-2146877439). 


To enable the parsing of request attributes for subject information, the following command must be run. This allows for enrollment through web enrollment pages. Once done restart the certification authority service (net stop certsvc && net start certsvc).



A useful command to check the request attributes can be found below:

C:\Users\Administrator>certutil -view -restrict "Disposition>=30,Disposition<=31"

!! Output Omitted !!

Request Attributes: "
 challenge: provePequalsNP
 country: UK
 state: HANTS
 locality: STOKE
 org: IT
 orgunit: IT
 email: test@test
 commonname: bob
 UserAgentString: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko)   Chrome/22.0.1229.94 Safari/537.4


About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as an SDN/NFV Solutions Architect and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001