
If you already have a certificate request, skip ahead to the Submit the certificate request to a certificate authority section.

Prerequisites

  • For Austin CA certificates, the computer referenced in the following instructions must have Enroll permissions for the requested certificate template
    • Contact the AD team for assistance with certificate template permissions

Define the certificate subject and subject alternative names

  1. Sign in to a computer joined to the Austin Active Directory then start an administrative PowerShell session 

    Info

    Complete any remaining instructions in this PowerShell session unless directed otherwise


  2. Modify then run the following commands to set the subject and template of the certificate as well as any optional DNS or IP address subject alternative name values:

    Code Block
    # Replace the placeholders; add or remove list entries as needed, or use @() for none
    $cert_fqdn = "<FQDN for the certificate>"
    $cert_sans = @("<certificate SAN #1>","<certificate SAN #2>")
    $cert_ipaddrs = @("<certificate IP address #1>","<certificate IP address #2>")


Create the certificate request

  1. Review then run the following commands to create the temporary files for the certificate policy file and certificate request file: 

    Code Block
    $cert_file_inf = New-TemporaryFile
    $cert_file_req = New-TemporaryFile


  2. Run the following commands to create the certificate policy file:

    Code Block
    # Paste without leading indentation: the closing "@ must start at the beginning of its line
    $cert_file_content = @"
    [Version]
    Signature=`"`$Windows NT`$`"
     
    [NewRequest]
    Subject=`"CN=$cert_fqdn`"
    Exportable=TRUE
    MachineKeySet=TRUE
    KeyLength=2048
     
    [Extensions]
    2.5.29.17=`"{text}`"
    _continue_=`"DNS=$cert_fqdn&`"
    "@
     
    New-Item $cert_file_inf -Type File -Force
    Set-Content $cert_file_inf $cert_file_content


  3. Run the following commands to add any optional DNS subject alternative names to the certificate policy file:

    Code Block
    ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}


  4. Run the following commands to add any optional IP address subject alternative names to the certificate policy file:

    Code Block
    ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}


  5. Run the following commands to create the certificate request file:

    Code Block
    certreq -new $cert_file_inf $cert_file_req
    


  6. Run the following commands to review the certificate request: 

    Code Block
    Get-Content $cert_file_req


  7. Run the following commands to retrieve the certificate request file name: 

    Code Block
    Get-Item $cert_file_req
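
A pre-flight check for the values set in the first section, followed by a decoded view of the finished request, as an added example that is not part of the original procedure. `Test-CertSanInput` is a hypothetical helper name, and the sample names and addresses are constructed.

```powershell
# Added example, not part of the original procedure.
# Test-CertSanInput is a hypothetical helper name.
function Test-CertSanInput {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [string[]]$DnsNames = @(),
        [string[]]$IpAddresses = @()
    )
    $problems = @()
    # In the policy file '&' ends a SAN entry, '"' ends the value and a line
    # break starts a new INF line, so none of them (nor other whitespace) may
    # appear inside a name.
    $unsafe = '[&"\s]'
    foreach ($name in (@($Fqdn) + $DnsNames)) {
        $bare = $name -replace '^\*\.', ''   # allow a leading wildcard label
        if ($name -match $unsafe) {
            $problems += "DNS name '$name' contains a character that would change the policy file"
        }
        elseif ([System.Uri]::CheckHostName($bare) -ne [System.UriHostNameType]::Dns) {
            $problems += "DNS name '$name' is not a valid DNS host name"
        }
    }
    foreach ($ip in $IpAddresses) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            $problems += "IP address '$ip' does not parse"
        }
        elseif ($parsed.ToString() -ne $ip) {
            # TryParse accepts shorthand such as '10.1'; require the canonical form
            $problems += "IP address '$ip' is not canonical (parsed as $parsed)"
        }
    }
    return $problems
}

# Constructed sample values standing in for $cert_fqdn, $cert_sans, $cert_ipaddrs
$problems = Test-CertSanInput -Fqdn 'app01.example.test' `
    -DnsNames @('app.example.test', 'app.example.test&DNS=other.example.test') `
    -IpAddresses @('192.0.2.10', '10.1')
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }

# After step 5, decode the request instead of reading its base64 text, and
# confirm the Subject and Subject Alternative Name list only the intended names.
if ($cert_file_req -and (Test-Path $cert_file_req)) {
    certutil -dump $cert_file_req
}
```

Run the check against the real `$cert_fqdn`, `$cert_sans` and `$cert_ipaddrs` before creating the policy file, and resolve every warning before running `certreq`.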


Submit the certificate request to a certificate authority

Install the signed certificate

Info

Certificates submitted to the Austin certificate authority should be imported automatically as part of the submission process and do not need to be manually imported

...