你所遇到的无效响应,是这个吗?
CAs that receive a certificate request referring to a template where the msPKI-RA-Signature is nonzero MUST require that the private keys used to sign the request are associated with certificates that meet the requirements of the msPKI-RA-Policies and msPKI-RA-Application-Policies
attributes.
If the value of this property is non-zero and there are no (additional) signatures in the request, the CA SHOULD return a non-zero error. The error Should be
0x80094809 (CERTSRV_E_SIGNATURE_POLICY_REQUIRED).
If the number of signatures on the certificate request is less than the number defined by this property, the CA SHOULD return a non-zero error. The error SHOULD be
0x8009480A (CERTSRV_E_SIGNATURE_COUNT).