Windows 2008 CA - Unable to Issue Certificate : "The request subject name is invalid or too long"


When requesting a certificate via the browser, at the point you try to issue the certificate (via certsrv.msc) you receive the error:

Error Constructing or Publishing Certificate

When looking through the Events for Active Directoty Certificate Services you see the error:

Active Directory Certificate Services denied request 8 because The request subject name is invalid or too long. 0x80094001 (-2146877439). 


To enable the parsing of request attributes for subject information, the following command must be run. This allows for enrollment through web enrollment pages. Once done restart the certification authority service (net stop certsvc && net start certsvc).



A useful command to check the request attributes can be found below:

C:\Users\Administrator>certutil -view -restrict "Disposition>=30,Disposition<=31"

!! Output Omitted !!

Request Attributes: "
 challenge: provePequalsNP
 country: UK
 state: HANTS
 locality: STOKE
 org: IT
 orgunit: IT
 email: test@test
 commonname: bob
 UserAgentString: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko)   Chrome/22.0.1229.94 Safari/537.4