Create the Austin certificate via PowerShell
Note: this process must be run on the primary EID Feed server in each domain.
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
Open an administrative PowerShell prompt
In the same administrative PowerShell prompt, navigate to the location where the certificate request should be created:
```powershell
# Example
Set-Location C:\Working
```
In the same administrative PowerShell prompt, run the following commands to set the subject of the certificate and the certificate template:
```powershell
# Replace the placeholders, keeping the quotes
$cert_url = "<FQDN for the certificate>"
$cert_template = "<short name of the certificate template>"
```
In the same administrative PowerShell prompt, run the following to create the INF file then open the INF file to review the output:
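```powershell
# Paths for the INF, request and response files in the current directory
$cert_inf = ((Get-Location).Path + "\" + $cert_url + ".inf")
$cert_req = ((Get-Location).Path + "\" + $cert_url + ".req")
$cert_cer = ((Get-Location).Path + "\" + $cert_url + ".cer")

# Exportable=TRUE is needed so the private key can be exported to a PFX afterwards;
# MachineKeySet=TRUE places the key in the local machine store.
$cert_txt = @"
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
Subject=`"CN=$cert_url`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
KeySpec=1
[RequestAttributes]
CertificateTemplate=$cert_template
"@

# Write the INF file, then open it for review
New-Item $cert_inf -Type File -Force
Set-Content $cert_inf $cert_txt
notepad $cert_inf
```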
In the same administrative PowerShell prompt, run the following to create the request, submit the request to a certificate authority, then accept the response:
```powershell
certreq -new $cert_inf $cert_req
certreq -submit $cert_req $cert_cer
certreq -accept $cert_cer
```
In the same administrative PowerShell prompt, run the following command to set the password for the exported PFX file:
```powershell
$cert_pw = Read-Host -Prompt "Enter password" -AsSecureString
```
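In the same administrative PowerShell prompt, run the following to identify the certificate then export the PFX and CRT files:
```powershell
# Output paths for the exported files (same pattern as in the export section of this page)
$cert_pfx = ((Get-Location).Path + "\" + $cert_url + ".pfx")
$cert_crt = ((Get-Location).Path + "\" + $cert_url + ".crt")

# Newest certificate in the machine store whose subject matches "eidfeed-"
$cert_obj = Get-ChildItem -Path "cert:\LocalMachine\My" |
    Where-Object {$_.Subject -match "eidfeed-"} |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

# Newest root certificate whose subject matches the issuer of that certificate
$cert_rca = Get-ChildItem -Path "cert:\LocalMachine\Root" |
    Where-Object {$_.Subject -match $cert_obj.Issuer} |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

# Export the certificate with its private key (PFX) and the root certificate (CRT)
$cert_obj | Export-PfxCertificate -FilePath $cert_pfx -Password $cert_pw
$cert_rca | Export-Certificate -FilePath $cert_crt
```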
Export the Austin certificate via PowerShell
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
Open an administrative PowerShell prompt
In the same administrative PowerShell prompt, run the following command to set the subject of the certificate:
```powershell
# Replace the placeholder, keeping the quotes
$cert_url = "<FQDN for the certificate>"
```
In the same administrative PowerShell prompt, run the following command to set the password for the exported PFX file:
```powershell
$cert_pw = Read-Host -Prompt "Enter password" -AsSecureString
```
In the same administrative PowerShell prompt, run the following to identify the certificate then export the PFX and CRT files:
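```powershell
# Output paths for the exported files in the current directory
$cert_pfx = ((Get-Location).Path + "\" + $cert_url + ".pfx")
$cert_crt = ((Get-Location).Path + "\" + $cert_url + ".crt")

# Newest certificate in the machine store whose subject matches the FQDN
$cert_obj = Get-ChildItem -Path "cert:\LocalMachine\My" |
    Where-Object {$_.Subject -match $cert_url} |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

# Newest root certificate whose subject matches the issuer of that certificate
$cert_rca = Get-ChildItem -Path "cert:\LocalMachine\Root" |
    Where-Object {$_.Subject -match $cert_obj.Issuer} |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

# Export the certificate with its private key (PFX) and the root certificate (CRT)
$cert_obj | Export-PfxCertificate -FilePath $cert_pfx -Password $cert_pw
$cert_rca | Export-Certificate -FilePath $cert_crt
```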
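A post-export check for the procedure above, as an added example that is not part of the original runbook: it confirms that the pipeline selected the intended certificate, that the PFX decrypts with the chosen password and holds that same certificate, and that the CRT is the issuing root. `Test-EidExport` is a hypothetical helper name, and `$cert_obj`, `$cert_pfx`, `$cert_crt` and `$cert_pw` are assumed to be still set in the same session.

```powershell
# Added example: Test-EidExport is a hypothetical helper, not part of the runbook.
function Test-EidExport {
    param(
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $StoreCert,
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [string] $RootPath,
        [Parameter(Mandatory)] [securestring] $Password
    )

    # The store certificate must carry its private key and be inside its validity window.
    if (-not $StoreCert.HasPrivateKey) { throw "Certificate $($StoreCert.Thumbprint) has no private key." }
    $now = Get-Date
    if ($now -lt $StoreCert.NotBefore -or $now -gt $StoreCert.NotAfter) {
        throw "Certificate $($StoreCert.Thumbprint) is outside its validity period."
    }

    # The PFX must decrypt with the chosen password and contain the same end-entity certificate.
    $pfx  = Get-PfxData -FilePath $PfxPath -Password $Password
    $leaf = $pfx.EndEntityCertificates | Select-Object -First 1
    if ($leaf.Thumbprint -ne $StoreCert.Thumbprint) {
        throw "PFX contains $($leaf.Thumbprint), expected $($StoreCert.Thumbprint)."
    }

    # The exported CRT must be the self-signed root that issued the certificate.
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $RootPath
    if ($root.Subject -ne $root.Issuer)      { throw "Exported CRT is not self-signed: $($root.Subject)" }
    if ($root.Subject -ne $StoreCert.Issuer) { throw "Exported CRT is not the issuer of the certificate." }

    # Hashes let the receiving side confirm the files arrived unmodified.
    [pscustomobject]@{
        Subject        = $StoreCert.Subject
        Thumbprint     = $StoreCert.Thumbprint
        NotAfter       = $StoreCert.NotAfter
        RootThumbprint = $root.Thumbprint
        PfxSha256      = (Get-FileHash -Path $PfxPath -Algorithm SHA256).Hash
        CrtSha256      = (Get-FileHash -Path $RootPath -Algorithm SHA256).Hash
    }
}

# Fails at parameter binding if $cert_obj is empty, i.e. no certificate matched the subject filter.
Test-EidExport -StoreCert $cert_obj -PfxPath $cert_pfx -RootPath $cert_crt -Password $cert_pw
```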