The following instructions allow a user to request a certificate from the AD CAs. 

Create the request

  1. Open an MMC window (start → run "mmc.msc")
  2. Add the Certificates snap-in
    • Note: certain certificates can only be requested by user or computer accounts; set the snap-in account appropriately
    • Sign in to the computer where the certificate will be created
  3. Open one of the following consoles:
    • Open certlm.msc for machine certificates
    • Open certmgr.msc for user certificates
  4. Expand Certificates then right click on Personal
  5. Select All Tasks then Request New Certificate...
  6. Click Next then select Active Directory Enrollment Policy
  7. Click Next then check the box next to the name of the desired template
    • Utilize VMware SSL 6.5 for any VMware products or interaction
    • Utilize Server (10 Year Duration) for long duration use cases (requires permissions from the AD team)
    • Utilize Web Server with IPSEC for use cases that require IPSec (such as printers that need IPsec and HTTPS)
    • Utilize Web Server 2048 bit key for all other default cases
  8. Expand Details and select Properties
  9. On the General tab, set a friendly name for the certificate
    • Ex. the name on the certificate and the date
  10. On the Subject tab, set the following as appropriate:
    1. A subject name of type common name with the name on the certificate
    2. An alternative name of type DNS with the name on the certificate
    3. All other required additional names of type DNS with the subject alternate names on the certificate
  11. On the Extensions tab, set the following as appropriate:
    1. Set the key usages to digital signature and key encipherment
    2. Set the extended key usage to server authentication
  12. On the Private Key tab, set the following as appropriate:
    1. Set the key options to a key size of at least 2048 and set  
    2. Check the Make private key exportable option if the certificate needs to be utilized on multiple systems
  13. Click OK then click Enroll
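
After enrollment, the issued certificate can be checked against the settings chosen in steps 10 to 12. The PowerShell below is an added example, not part of the original instructions; the function name and the host name `host.example.com` are constructed placeholders, and the alternative-name parsing assumes an English-language Windows installation.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example: checks an enrolled certificate against steps 10-12 above.
function Test-EnrolledCertificate {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $ExpectedName
    )
    $findings = @()

    # Step 10: common name, plus a DNS alternative name carrying the same name.
    $cn = $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)
    if ($cn -ne $ExpectedName) { $findings += "Common name is '$cn', expected '$ExpectedName'" }
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    # Format() renders entries as "DNS Name=..." on English-language Windows (assumption).
    $sanText = if ($san) { $san.Format($true) } else { '' }
    $dnsNames = [regex]::Matches($sanText, 'DNS Name=(\S+)') | ForEach-Object { $_.Groups[1].Value }
    if ($dnsNames -notcontains $ExpectedName) { $findings += 'No DNS alternative name matches the expected name' }

    # Step 11: key usage and extended key usage.
    $required = 0xA0   # DigitalSignature (0x80) + KeyEncipherment (0x20)
    $ku = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    if (([int]$ku.KeyUsages -band $required) -ne $required) {
        $findings += 'Key usage lacks digital signature or key encipherment'
    }
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if ($eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1') {
        $findings += 'Extended key usage lacks server authentication'
    }

    # Step 12: RSA key of at least 2048 bits.
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if (-not $rsa -or $rsa.KeySize -lt 2048) { $findings += 'Public key is not RSA of at least 2048 bits' }

    [pscustomobject]@{
        Thumbprint = $Certificate.Thumbprint
        Subject    = $Certificate.Subject
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Machine certificates (certlm.msc) live in Cert:\LocalMachine\My;
# use Cert:\CurrentUser\My for user certificates (certmgr.msc).
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*CN=host.example.com*' } |
    ForEach-Object { Test-EnrolledCertificate -Certificate $_ -ExpectedName 'host.example.com' }
```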

Export the keypair (optional)

  1. Open an MMC window
  2. Add the Certificates snap-in
    • Note: certain certificates can only be requested by user or computer accounts; set the snap-in account appropriately
  3. Expand Certificates then Certificate Enrollment Requests then Certificates
  4. Right click on the certificate to export and select All Tasks then Export...
  5. Click Next then select Yes, export the private key
  6. Click Next twice
  7. Check the Password box and set a complex password
  8. Click Next 
  9. Specify a file name for the certificate request
  10. Click Next then click Finish