...
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
Open an administrative PowerShell prompt
In the same administrative PowerShell prompt, navigate to the location where the certificate request should be created:
Code Block
#example
Set-Location C:\Working
In the same administrative PowerShell prompt, run the following command to set the subject, any optional subject alternate names, and template of the certificate:
Code Block
# String values must be quoted in PowerShell
$cert_url = "<FQDN for the certificate>"
$cert_san = @("<certificate SAN #1>","<certificate SAN #2>",...)
$cert_template = "<short name of the certificate template>"
In the same administrative PowerShell session, run one of the following:
For SSL certificates, run the following:
Code Block
$cert_subject = ("CN=" + $cert_url)
In the same administrative PowerShell prompt, run the following to create the INF file then open the INF file to review the output:
Code Block
# File name: first label of the FQDN plus a timestamp
$cert_file = $cert_url.Split(".")[0] + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
$cert_file_inf = ((Get-Location).Path + "\" + $cert_file + ".inf")
# The closing "@ of the here-string must start at the beginning of its line
$cert_file_content = @"
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
Subject=`"$cert_subject`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
[Extensions]
2.5.29.17=`"{text}`"
_continue_=`"DNS=$cert_url&`"
"@
New-Item $cert_file_inf -Type File -Force
Set-Content $cert_file_inf $cert_file_content
# Open the INF file to review the output
notepad $cert_file_inf
In the same administrative PowerShell prompt, run the following to add any subject alternate names to the INF file:
Code Block
ForEach ($san in $cert_san) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
In the same administrative PowerShell prompt, run the following to create the request, submit the request to a certificate authority, then accept the response:
Code Block
$cert_file_req = ((Get-Location).Path + "\" + $cert_file + ".req")
$cert_file_cer = ((Get-Location).Path + "\" + $cert_file + ".cer")
certreq -new $cert_file_inf $cert_file_req
certreq -submit -attrib ("CertificateTemplate:" + $cert_template) $cert_file_req $cert_file_cer
certreq -accept $cert_file_cer
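Because the FQDN and each SAN are interpolated as text into the INF file, a check before `certreq -new` can confirm that every name is a plain DNS name and that the INF holds exactly the names requested. The following is an added example, not part of the original procedure: `Test-CertRequestInf` is a hypothetical helper name, the `example.test` names and temp file are constructed sample input, and the rule that names are DNS hostnames with an optional leading wildcard is an assumption.

```powershell
# Added example; Test-CertRequestInf is a hypothetical helper, not part of certreq.
function Test-CertRequestInf {
    param(
        [Parameter(Mandatory)][string]$Fqdn,      # the value of $cert_url
        [string[]]$San = @(),                     # the value of $cert_san
        [Parameter(Mandatory)][string]$InfPath    # the value of $cert_file_inf
    )
    # One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    # Optional wildcard label, then two or more labels; \A and \z also reject line breaks.
    $pattern = "\A(\*\.)?$label(\.$label)+\z"
    $expected = @($Fqdn) + $San
    $problems = @()
    foreach ($name in $expected) {
        # Quotes, '&', spaces and newlines would change the structure of the INF line.
        if ($name.Length -gt 253 -or $name -notmatch $pattern) {
            $problems += "Not a valid DNS name: '$name'"
        }
    }
    $dupes = @($expected | Group-Object { $_.ToLowerInvariant() } | Where-Object { $_.Count -gt 1 })
    foreach ($d in $dupes) { $problems += "Duplicate name: '$($d.Name)'" }
    # Read back the SAN lines that were actually written to the INF file.
    $sanLine = '^\s*_continue_\s*=\s*"DNS=([^&"]*)&"\s*$'
    $written = @()
    foreach ($line in Get-Content -LiteralPath $InfPath) {
        if ($line -match $sanLine) { $written += $Matches[1] }
        elseif ($line -match '^\s*_continue_') { $problems += "Malformed SAN line: $line" }
    }
    foreach ($name in $expected) {
        if ($written -notcontains $name) { $problems += "Missing from INF: '$name'" }
    }
    foreach ($name in $written) {
        if ($expected -notcontains $name) { $problems += "Not requested but in INF: '$name'" }
    }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: an [Extensions] section shaped like the one built above.
$sampleInf = Join-Path ([IO.Path]::GetTempPath()) 'sample_request.inf'
Set-Content $sampleInf @'
[Extensions]
2.5.29.17="{text}"
_continue_="DNS=app.example.test&"
_continue_="DNS=app-alt.example.test&"
'@
Test-CertRequestInf -Fqdn 'app.example.test' -San 'app-alt.example.test','bad name"&' -InfPath $sampleInf
```

In the procedure itself, the call would be `Test-CertRequestInf -Fqdn $cert_url -San $cert_san -InfPath $cert_file_inf`, run after the SAN lines are added and before `certreq -new`.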
...