Microsoft Knowledge Base Article 888180 contains the following summary:
If you want to make a stand-alone certification authority (CA) compliant with the ISIS-MTT version 1.1 standard, follow the steps that are described in this article. The issuing CA must force UTF-8 encoding. After a certificate request is submitted, the key usage attribute must be marked critical during the certificate submission process. You can then issue and verify the certificate.