Generating private key in a file using certreq in PowerShell

I am using a PowerShell script to create a Certificate Signing Request (CSR) using certreq. I need the private key in a file, but the script is not generating that. I tried looking at the documentation of certreq and other resources but found nothing. In the INF settings I am setting Exportable = TRUE. Here are the settings:

$settingsInf = "
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
RequestType = PKCS10
ProviderName = `"Microsoft RSA SChannel Cryptographic Provider`"
ProviderType = 12
HashAlgorithm = sha256
;Variables
Subject = `"CN={{CN}},CN={{CN2}},O={{O}},DC={{DC}},DC={{DC2}}`"
[Extensions]
{{SAN}}
"

Another solution I tried is to use openssl to get the private key and CSR. With this solution I get both the private key and the CSR, but when I submit the CSR to the CA, it throws the following error:

 "message" : "Invalid Subject DN.  The requested Subject DN is not compatible with the issuing CA.",

I am using openssl as follows

$subject = "`"/CN=$cn/CN=$cn2/O=$o/DC=$dc/DC=$dc2`""

openssl req -new -key $privateKeyPath -rand $randPath -subj $subject -out $csrPath

The Certificate Authority DN is as follows

"issuer_dn" : "CN=usa,O=SE,DC=abc,DC=com",

Any suggestions on either how to get the private key using certreq, or why the CA is throwing an error when using openssl? Thanks.

There are 1 best solutions below

I found the solution. Maybe it will help someone else.

It appears that some CAs require the subject in a particular order, which is not documented (super annoying).

The CA I was connected to requires $subject in the following way:

$subject = "`"/DC=$dc2/DC=$dc/O=$o/CN=$cn2/CN=$cn`""

Using a subject like this when generating the CSR is accepted by the CA.
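
An added example, not part of the original answer, illustrating the ordering involved: `openssl req -subj` writes the RDNs into the CSR in the order given, while comma-separated DN strings in RFC 4514 form (the style of the `issuer_dn` shown in the question) list the encoded RDNs last-to-first. The helper name `ConvertTo-OpenSslSubject`, the CN values and the temp file names are constructed for illustration.

```powershell
# Added example, not from the original post. Helper name, CN values and temp
# file names are constructed for illustration.
function ConvertTo-OpenSslSubject {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # Split on commas that are not backslash-escaped, drop empty pieces.
    $rdns = @([regex]::Split($DistinguishedName, '(?<!\\),') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    foreach ($rdn in $rdns) {
        # Multi-valued RDNs (joined with an unescaped '+') are not handled here.
        if ($rdn -notmatch '^[A-Za-z0-9.]+=.+$' -or $rdn -match '(?<!\\)\+') {
            throw "Unsupported RDN: '$rdn'"
        }
    }

    # RFC 4514 strings begin with the LAST RDN of the encoded name; openssl
    # -subj wants the FIRST encoded RDN first, so reverse the list.
    [array]::Reverse($rdns)

    $parts = foreach ($rdn in $rdns) {
        # Undo RFC 4514 comma escaping, then escape '/' for the -subj syntax.
        ($rdn -replace '\\,', ',') -replace '/', '\/'
    }
    '/' + ($parts -join '/')
}

# Constructed sample: same O/DC components as the issuer_dn in the question.
$subject = ConvertTo-OpenSslSubject 'CN=host1,CN=Servers,O=SE,DC=abc,DC=com'
Write-Output "openssl -subj value: $subject"

if (Get-Command openssl -ErrorAction SilentlyContinue) {
    $tmp     = [IO.Path]::GetTempPath()
    $keyPath = Join-Path $tmp 'dn-order-demo.key'
    $csrPath = Join-Path $tmp 'dn-order-demo.csr'

    # Throwaway key, used only to produce a CSR whose subject can be inspected.
    openssl genrsa -out $keyPath 2048
    openssl req -new -key $keyPath -subj $subject -out $csrPath

    # Print the subject actually encoded in the CSR, in RFC 2253 string form,
    # to compare against the order the CA expects before submitting.
    openssl req -in $csrPath -noout -subject -nameopt RFC2253

    Remove-Item $keyPath, $csrPath -ErrorAction SilentlyContinue
}
```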