During a recent customer deployment of OCS 2007 R2, we came across a small issue that might be relevant for some of you.
We were using the OCS 2007 R2 Edge Server setup wizard to request certificates for the external interfaces. This particular customer uses GoDaddy for their certificates. We created an offline request and pasted the CSR into GoDaddy's request interface - and were promptly told that the CSR was not valid.
What we discovered was this: The customer's OCS R2 Edge server was running Windows Server 2008. When we created the certificate request using the setup wizard, the -----BEGIN CERTIFICATE REQUEST----- header and -----END CERTIFICATE REQUEST----- trailers were not inserted into the file. This was what threw the error when we pasted the CSR into GoDaddy's interface.
To solve this and be able to get our certificate from GoDaddy, we simply pasted correctly formatted header and trailer lines into the CSR, which was then accepted as a proper CSR file.
If OCS R2 Edge is deployed on Windows Server 2003 R2, the certificate request header and trailer is inserted into the request file generated by the setup wizard, so the issue looks to be specific to deployments on Windows Server 2008.
It is worth noting that if you use IIS on Windows Server 2008 to create an SSL certificate request, the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines are included in the generated CSR file - so "normal" IIS certificate requests created on Windows Server 2008 are not affected.