...
- Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
Start an administrative PowerShell session
In the same administrative PowerShell session, modify then run the following command to set the subject, any optional DNS or IP address subject alternative names, and template of the certificate:
Code Block
# Replace the <...> placeholders; use @() for a list that has no entries
$cert_urlfqdn = "<FQDN for the certificate>"
$cert_sans = @("<certificate SAN #1>","<certificate SAN #2>",...)
$cert_ipaddrs = @("<certificate IP address #1>","<certificate IP address #2>",...)
...
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
Start an administrative PowerShell session
In the same administrative PowerShell session, navigate to the location where the certificate request should be created:
Code Block
# Example
Set-Location C:\Working
In the same administrative PowerShell prompt, run the following to create the certificate policy file:
Code Block
# Timestamped base name shared by the .inf and .req files
$cert_file = $cert_urlfqdn + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
$cert_file_inf = ((Get-Location).Path + "\" + $cert_file + ".inf")
# Backticks keep the literal quotes and the $ signs of "$Windows NT$" in the here-string
$cert_file_content = @"
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
Subject=`"CN=$cert_urlfqdn`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
[Extensions]
2.5.29.17=`"{text}`"
_continue_=`"DNS=$cert_urlfqdn&`"
"@
New-Item $cert_file_inf -Type File -Force
Set-Content $cert_file_inf $cert_file_content
In the same administrative PowerShell prompt, run the following to add any DNS subject alternative names to the certificate policy file:
Code Block
ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
In the same administrative PowerShell prompt, run the following to add any IP address subject alternative names to the certificate policy file:
Code Block
ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}
In the same administrative PowerShell prompt, run the following to create the request:
Code Block
$cert_file_req = ((Get-Location).Path + "\" + $cert_file + ".req")
certreq -new $cert_file_inf $cert_file_req
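The steps above write $cert_urlfqdn, $cert_sans and $cert_ipaddrs straight into the policy file, so a value containing "&", a quote or a line break changes what certreq reads. The following check, run before the policy file is created, is an added example and not part of the original procedure; Test-CertRequestInput is a hypothetical helper name and the sample values are constructed.

```powershell
# Added example (hypothetical helper): validate subject and SAN values
# before they are interpolated into the .inf policy file.
function Test-CertRequestInput {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [string[]]$DnsNames = @(),
        [string[]]$IpAddresses = @()
    )
    $problems = @()
    # One DNS label: letters, digits, hyphen; no leading or trailing hyphen; 1-63 chars
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    # Optional leftmost wildcard, then dot-separated labels. \A and \z are used
    # because $ would also match just before a trailing line break.
    $dnsPattern = "\A(\*\.)?$label(\.$label)*\z"

    $names = @($Fqdn) + $DnsNames
    foreach ($name in $names) {
        if ($name.Length -gt 253 -or $name -notmatch $dnsPattern) {
            $problems += "Invalid DNS name: '$name'"
        }
    }
    foreach ($ip in $IpAddresses) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            $problems += "Invalid IP address: '$ip'"
        }
        elseif ($parsed.AddressFamily -eq 'InterNetwork' -and $parsed.ToString() -ne $ip) {
            # TryParse accepts short forms such as "10.1"; require a full dotted quad
            $problems += "IP address not in dotted-quad form: '$ip' (parsed as $parsed)"
        }
    }
    return $problems
}

# Constructed sample values; in the procedure pass $cert_urlfqdn, $cert_sans, $cert_ipaddrs
$issues = @(Test-CertRequestInput -Fqdn 'app01.example.test' `
    -DnsNames @('app01', 'bad&name', "x.example.test`nExportable=FALSE") `
    -IpAddresses @('192.0.2.10', '10.1'))
$issues | ForEach-Object { Write-Warning $_ }
```

Create the policy file only when the function returns no problems.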
...