Microsoft Knowledge Base Article 890772 contains the following summary:
If you want to make an Enterprise certification authority (CA) compliant with the ISIS-MTT version 1.1 standard, follow the steps that are described in this article. The issuing CA must force UTF-8 encoding. After a certificate request is submitted, the key usage attribute must be marked "critical" during the certificate submission process. You can then issue and verify the certificate.