Advanced Certification Request in Edge Chromium


Hi,

I am trying to request an advanced certificate from a certification authority via Edge Chromium (version 83.0.478.58). The CA supports only HTTP connections. I am connecting to the CA in IE mode. The CA is in the Intranet zone. When I clicked on the link "Create and submit a request to this CA", the information "The Web site is attempting to perform a digital certificate operation on your behalf...." was not displayed, and on the page with the Advanced Certificate Request the CSP field did not display providers; there was only a "Loading" message. In IE on the same computers everything works fine. Could you please give me some advice on how to solve this issue in Edge Chromium?

 

 

14 Replies
Hi,
I don't think the IE mode inside Edge supports the intranet sites settings, though you can request your certificate in the normal Edge mode, i.e. without going through the IE mode.

@HotCakeX thank you for the response.

In normal Edge mode, when I clicked on advanced certificate request, I was directly redirected to the "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file." page.

The page where I have the option to select "Create and submit a request to this CA." or "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file." was not displayed.

 

@VjekoV 

I think this is a technological limitation of Edge Chromium; it doesn't support the needed technology (ActiveX).

The Web Enrollment role hasn't gotten virtually any update since WS 2008; it seems development of it is pretty much abandoned. Just keep some IEs.

https://docs.microsoft.com/en-us/troubleshoot/browsers/csp-shows-loading-for-certificate-request

 

@Andres Pae 

Thank you for the response. We are trying to simplify the environment as much as possible, but it seems that the vision of having only one web browser is not realistic.

@VjekoV I got a little more information from MS.

Indeed, the webpage hasn't gotten any recent updates to make it compatible with Edge. Currently the IE engine is present on all supported MS Windows OSes, and remains there until the lifecycle ends. So the "easy" solution is to remember to always open the certificate enrollment page with IE. If you need a more Enterprise solution, you should investigate Edge IE Enterprise mode (which allows automatic redirection/opening of listed sites in IE) - https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie...

 

@Andres Pae 

I do realize this is an old post, but here we are, 2021 October, and now Windows 11 doesn't include IE at all. Haven't had a chance to try Server 2021 to see if its PKI finally fixed this problem? Seems like a MASSIVE miss if it doesn't fix the problem.

I couldn't agree more. March 2022 now, and Microsoft has dropped the ball on updating the ancient Certificate self-service portal big time. They have not done anything with PKI since ripping it out of Exchange way back in the day, and digital certs are mainstream now. I guess they just want us to go Commercial, think GoDaddy and DigiCert and the like.

@J 1901 Commercial (at least the standard solution) is no option for a company using PKI heavily in infra (for example, automatically enrolling and renewing user/device certificates, 802.1X authentication, etc.). And this part is working well. If your company size is thousands of endpoints, it should be handled automatically (GPO and certificate templates do a great job here), BUT some part is stuck in history, which makes the entire MS PKI solution not modern :(.

Why is this still not addressed? Every time I perform a certificate operation, I'm reminded that support for IE is ending June 15, and Edge still doesn't perform this task. Is Microsoft asleep at the wheel on this? How are they retiring a security-critical dependency without replacing it? IE 11 was released in 2013 so they've had nearly TEN YEARS to solve this or to document whatever replacement they've implemented to those still dependent upon an expiring product. Please tell me that I'm the one being stupid and just missing the answer somehow?

@Keith_D I wish you were wrong and a solution would have been published.  However, I too am in this same situation where I have a major dependence upon the MS internal CA and would really like to have an easy way for us to continue using this service.  A replacement has been avoided due to the institutional impact and complicated change management.  If there is any update on this I would really appreciate a follow-up post.

I have the same issue: my website does not open well in Microsoft Edge with SSL https://www.mp3juice.blue/ Can you please take a look here at what the issue is?

@saraalex - I'm afraid you're having a very different and unrelated problem with your website. The problem being discussed in this thread isn't related to trouble with websites on the internet not working correctly in the Edge browser, so you'll need to seek help with that on another post or forum related to whatever the problem is that you're having with Edge on your website. You might be better off seeking help for that kind of issue on one of the website developer help forums, as the users on those sites will have a lot more experience in that area.

 

I can tell you that the certificate for your website was issued by Cloudflare on July 10th, and there are no problems with your website certificate according to the certificate checkers at sslshopper.com, digicert.com, thesslstore.com, or Qualys' ssllabs.com, and Cloudflare doesn't use the Windows Certificate Authority for issuing those certificates. If you were having the problem we're discussing here, you wouldn't have a certificate on your website because you wouldn't be able to get one in the first place because of this issue.

 

What we're talking about here is a problem with the Microsoft Windows Certificate Authority product that's built into Windows Server, which still requires using Microsoft Internet Explorer for some of its functionality despite Microsoft having retired Internet Explorer and no longer shipping it with any of the latest versions of Windows. Their current certificate authority product is not compatible with any currently supported web browser available in their latest operating systems despite that product still being shipped in their latest operating systems with that requirement. It's a catch-22 for Windows server and network administrators who use the Windows Certificate Authority product.

I hope that helps.

It's crazy that a core Microsoft security-related application still has an ActiveX dependency in 2022.

@NickF101 It's not actually an ActiveX dependency - you can disable ActiveX completely in IE and this will still work. It's the authentication mechanism used by the Certificate Authority's webpage. Edge doesn't support that authentication mechanism and neither does any other browser but Internet Explorer.

 

The setting in Internet Explorer is in Internet Options -> Security -> Custom Level... -> User Authentication -> Logon (scroll to the very bottom of the list). It requires one of the options that allows you to authenticate through the web browser to the server so it can perform the CA operations under your AD credentials. This is not supported in anything but Internet Explorer to my knowledge, and I haven't ever found any documentation from Microsoft on how to replicate this functionality in any other way for the Certificate Authority's web interface.