Request a server certificate from the Austin CAs via PowerShell
Log Sign into a Windows system joined to the Austin Active Directory where the system has permissions to request a certificate from the desired template.
- Start an administrative PowerShell session
Modify then modify and run the followingrun the following commands to define the required and optional DNS host names for the certificate:
Code Block language powershell $cert_url = <FQDN for the certificate> $cert_san = @("<FQDN for certificate SAN #1>","<FQDN for certificate SAN #2>",...)In the same administrative PowerShell session, run the following to format the subject names on the certificate:
Code Block $cert_sub = ("CN=" + $cert_url) If ($cert_san) {$cert_dns = $cert_san + $cert_url} Else {$cert_dns = $cert_url}In the same administrative PowerShell session, run one of the following to set the certificate template:
For a Server (10 year duration) certificate, run the following:
Code Block language powershell $cert_template = "Server-10year"
For a VMware SSL certificate, run the following:
Code Block $cert_template = "VMwareSSL6.5"
In the same administrative PowerShell session, run the following to request the certificate:
Code Block language powershell # request the certificate for the local computer Get-Certificate -Url ldap: -CertStoreLocation "Cert:\LocalMachine\My" -Template $cert_template -SubjectName $cert_sub -DnsName $cert_dns
Request a user certificate from the Austin CAs via PowerShell
- Log into a system joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
- Start an administrative PowerShell session then run one of the following:
For a Code Signing certificate, run the following:
Code Block language powershell # request the certificate for the current user Get-Certificate -Url ldap: -CertStoreLocation "Cert:\CurrentUser\My" -Template "CodeSigning(Exportable)"