...

  1. Open an MMC window
  2. Add the Certificates snap-in
    • Note: certain certificates can only be requested by user or computer accounts; set the snap-in account appropriately
  3. Expand Certificates then right click on Personal
  4. Select All Tasks then Request New Certificate...
  5. Click Next then select Active Directory Enrollment Policy
  6. Click Next then check the box next to the name of the desired template
    • Utilize VMware SSL 6.5 for any VMware products or interaction
    • Utilize Server (10 Year Duration) for long duration use cases (requires permissions from the AD team)
    • Utilize Web Server with IPSEC for default use cases that require IPsec (such as printers that need IPsec and HTTPS)
    • Utilize Web Server 2048 bit key for all other default cases
  7. Click on Details on the desired template to expand the request information then click Properties
  8. Set the Subject name type drop down to Common name
  9. Set the Subject name value to the FQDN for the certificate then click Add to include the value on the certificate
  10. Set the Alternate name type drop down to DNS name
  11. Set the Alternate name value to the FQDN for the certificate then click Add to include the value on the certificate
  12. Repeat the previous step as necessary to add additional FQDNs to the certificate. Expand Details and select Properties
  13. On the General tab, set a friendly name for the certificate (e.g. the name on the certificate)
  14. On the Subject tab, set the following as appropriate:
    1. A subject name of type common name with the name on the certificate
    2. All required alternative names of type DNS with the subject alternate names on the certificate
  15. On the Extensions tab, set the following as appropriate:
    1. Set the key usages to digital signature and key encipherment
    2. Set the extended key usage to server authentication
  16. On the Private Key tab, set the following as appropriate:
    1. Set the key options to a key size of at least 2048 and set Make private key exportable
  17. Click OK then click Enroll
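
A post-enrollment check for the settings chosen in the steps above (common name, DNS alternate names, key usages, extended key usage, key size), as an added example that is not part of the original page. The function name `Test-EnrolledCertificate` and the FQDN `host.example.com` are placeholders, and the SAN parsing assumes English-language Windows output.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example, not from the original page. Function name and FQDN are placeholders.
function Test-EnrolledCertificate {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$ExpectedDnsName   # first entry is the common name
    )
    $findings = @()

    # Subject common name must be the FQDN.
    $cn = $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)
    if ($cn -ne $ExpectedDnsName[0]) { $findings += "CN is '$cn', expected '$($ExpectedDnsName[0])'" }

    # Every FQDN must be a DNS entry in the SAN extension (OID 2.5.29.17).
    # Assumption: English-language Windows, which formats entries as 'DNS Name=<value>'.
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = @()
    if ($sanExt) {
        $sans = @([regex]::Matches($sanExt.Format($true), 'DNS Name=(\S+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    foreach ($name in $ExpectedDnsName) {
        if ($sans -notcontains $name) { $findings += "SAN is missing DNS name '$name'" }
    }

    # Key usage must include digital signature and key encipherment.
    $required = [X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'
    $ku = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    if (-not $ku -or ($ku.KeyUsages -band $required) -ne $required) {
        $findings += 'Key usage lacks digital signature and/or key encipherment'
    }

    # Extended key usage must include server authentication (OID 1.3.6.1.5.5.7.3.1).
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if (-not $eku -or $eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1') {
        $findings += 'EKU lacks server authentication'
    }

    # Key size must be at least 2048 bits (RSA assumed; GetRSAPublicKey returns $null otherwise).
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if (-not $rsa -or $rsa.KeySize -lt 2048) { $findings += 'Public key is not RSA or is under 2048 bits' }

    [pscustomobject]@{ Thumbprint = $Certificate.Thumbprint; Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Computer-account Personal store; use Cert:\CurrentUser\My for a user-account enrollment.
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like '*CN=host.example.com*' } |
    ForEach-Object { Test-EnrolledCertificate -Certificate $_ -ExpectedDnsName 'host.example.com' }
```

Pass every FQDN added in the Alternate name steps to `-ExpectedDnsName`, with the common name first.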

...