Are you using Microsoft CA server to signed the CSR that you have downloaded from WSA?
If yes you can follow the below:
1. Download the CSR from the WSA
2. Open the CSR using Wordpad or another text editor and copy the Certificate Request section (only the section --BEGIN CERITIFICATE REQUEST-- xxxxx --END CERTIFICATE REQUEST--)
3. Navigate to the MS CA server: https://server/certsrv
4. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file"
5. Click Certificate Template and choose Subordinate Certification Authority
6. Paste in your copied CSR
7. Download your CA signed certificate
8. Upload the signed certificate (make sure you use the Signed certificate upload section and not the top section.
Tips: We need to Submit > Commit the changes on every step changed on WSA. In case WSA giving errors such as “Certificate and key do not match”, please review the steps above with customer again.
Video KB: Steps to enable HTTPS proxy on WSA & Certificate Signing Request (CSR) option.
Also Attached documentation from Microsoft CA perspective.
Hope this helps
I tried your instructions, but I get the still get the error that the key cannot be parsed.
Also, in the pdf you attached, the screenshot shows the HEX part of the CSR being pasted into the request, when in the instructions you say to only copy the part including "-----BEGIN CERTIFICATE REQUEST ---" etc... ?
I faced this same issue
once you generate the CSR commit the change
then follow the instructions given because the appliance might revert back to the previous certificate while you are working one the CA server
this should work