...
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
Start an administrative PowerShell session
In the same administrative PowerShell session, navigate to the location where the certificate request should be created:
Code Block
# example
Set-Location $env:windir\temp
In the same administrative PowerShell prompt, run the following to create the certificate policy file:
Code Block
$cert_file = $cert_fqdn + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
$cert_file_inf = ((Get-Location).Path + "\" + $cert_file + ".inf")
$cert_file_content = @"
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
Subject=`"CN=$cert_fqdn`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
[Extensions]
2.5.29.17=`"{text}`"
_continue_=`"DNS=$cert_fqdn&`"
"@
New-Item $cert_file_inf -Type File -Force
Set-Content $cert_file_inf $cert_file_content
In the same administrative PowerShell prompt, run the following to add any DNS subject alternate names to the certificate policy file:
Code Block
ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
In the same administrative PowerShell prompt, run the following to add any IP Address subject alternate names to the certificate policy file:
Code Block
ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}
In the same administrative PowerShell prompt, run the following to create the request:
Code Block
$cert_file_req = ((Get-Location).Path + "\" + $cert_file + ".req")
certreq -new $cert_file_inf $cert_file_req
In the same administrative PowerShell prompt, run the following to validate the request:
Code Block
Get-Content $cert_file_req
Submit the certificate request to an Austin CA
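The validation step above only displays the request file. As an added example (not part of the original page), the following compares the SANs listed in a certutil -dump of the request against the names that were intended, so an extra or missing name is caught before submission. Compare-RequestSan is a hypothetical helper name, the dump excerpt is constructed, and the "DNS Name=" / "IP Address=" line format is an assumption based on English-locale certutil output.

```powershell
# Added example: compare the SANs found in a request dump with the intended SANs.
# Compare-RequestSan is a hypothetical helper name, not a built-in cmdlet.
function Compare-RequestSan {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $DumpLines,  # lines of: certutil -dump <file>.req
        [Parameter(Mandatory)] [string[]] $ExpectedDns,
        [string[]] $ExpectedIp = @()
    )
    $foundDns = @(); $foundIp = @()
    foreach ($line in $DumpLines) {
        # Assumed line format (English-locale certutil output)
        if     ($line -match '^\s*DNS Name=(.+?)\s*$')   { $foundDns += $Matches[1].ToLowerInvariant() }
        elseif ($line -match '^\s*IP Address=(.+?)\s*$') { $foundIp  += $Matches[1] }
    }
    $wantDns = @($ExpectedDns | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() })
    $wantIp  = @($ExpectedIp  | Where-Object { $_ })
    [pscustomobject]@{
        MissingDns    = @($wantDns  | Where-Object { $_ -notin $foundDns })
        UnexpectedDns = @($foundDns | Where-Object { $_ -notin $wantDns })
        MissingIp     = @($wantIp   | Where-Object { $_ -notin $foundIp })
        UnexpectedIp  = @($foundIp  | Where-Object { $_ -notin $wantIp })
    }
}

# Constructed sample: excerpt in the shape of certutil -dump output for a request
$sampleDump = @'
    Public Key Length: 2048 bits
    Subject Alternative Name
        DNS Name=app01.example.test
        DNS Name=app01-alias.example.test
        DNS Name=unexpected.example.test
        IP Address=192.0.2.10
'@ -split "`r?`n"

$result = Compare-RequestSan -DumpLines $sampleDump `
    -ExpectedDns 'app01.example.test', 'app01-alias.example.test' -ExpectedIp '192.0.2.10'
$result | Format-List
if ($result.MissingDns -or $result.UnexpectedDns -or $result.MissingIp -or $result.UnexpectedIp) {
    Write-Warning 'Request SANs differ from the intended list; do not submit this request.'
}
# Against a real request, pass the live dump instead of the sample:
#   Compare-RequestSan -DumpLines (certutil -dump $cert_file_req) -ExpectedDns (@($cert_fqdn) + $cert_sans)
```

With the constructed sample, UnexpectedDns contains unexpected.example.test and the warning is written; the other three lists are empty.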
...
- If accepting a certificate file signed by an external certificate authority such as InCommon, complete the following instructions:
- Ensure the certificate is on or accessible by the system that created the original certificate request
- Log into the system that created the original certificate request
- Start an administrative PowerShell session and set the $cert_file_cer object to the full path of the signed certificate file that will be accepted
In the same administrative PowerShell prompt, run the following to accept the response:
Code Block
Import-Certificate -CertStoreLocation Cert:\LocalMachine\My -FilePath $cert_file_cer