Versions Compared

Version Old Version 32 New Version 33
Changes made by

Alex Barth

Alex Barth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Review then run the following commands to create the temporary files for the certificate policy file and certificate request file: 

    Code Block
    $cert_file_inf = New-TemporaryFile
$cert_file_req = New-TemporaryFile


  2. Run the following commands to create the certificate policy file

    Code Block
    $cert_file_content = @"
[Version]
Signature=`"`$Windows NT`$`"
 
[NewRequest]
Subject=`"CN=$cert_fqdn`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
 
[Extensions]
2.5.29.17=`"{text}`"
_continue_=`"DNS=$cert_fqdn&`"
"@
 
New-Item $cert_file_inf -Type File -Force
Set-Content $cert_file_inf $cert_file_content


  3. Run the following commands to add any optional DNS subject alternate names to the certificate policy file: 

    Code Block
    ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}


  4. Run the following commands to add any optional IP Address subject alternate names to the certificate policy file: 

    Code Block
    ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}


  5. Run the following commands to create the certificate request file:

    Code Block
    certreq -new $cert_file_inf $cert_file_req


  6. Run the following commands to review the certificate request: 

    Code Block
    Get-Content $cert_file_req


  7. Run the following commands to retrieve the certificate request file name: 

    Code Block
    Get-Item $cert_file_req


Submit the certificate request to

...

a certificate authority

  • To submit the certificate request to the preferred InCommon certificate authority, review and complete the SSL Request form in ServiceNow

...

  •  

  • To submit the certificate request to

...

  • the internal Austin certificate authority, complete the instructions on the following

...

...

Install the signed certificate

...

  1. Ensure the certificate is on or accessible by the system that created the original certificate request
  2. Log into the system that created the original certificate request
  3. Start an administrative PowerShell session and set the $cert_file_cer object to the full path of the signed certificate file that will be accepted

In the same administrative PowerShell prompt, run the following to accept the response: 

...

Info

Certificates submitted to the Austin certificate authority should be imported automatically as part of the submission process and do not need to be manually imported

  1. Complete the instructions on the following page using the certificate request file generated above: