I am using a custom SSL cert (SHA-2) for ePO 5.3. Our cert team told me that we use:
1. unsecured private key (can be encrypted in ZIP file)
2. signed certificate chain contained in .P7B file format
I was not successful in generating a CSR following steps in KB72477.
Did you get similar problems following that KB724477. Can you share the steps that you did to get it to work? We don't have a cert team at my place of work as it is me who can issue SSL certs via InCommon.