Versions Compared

Version Old Version 1 New Version Current
Changes made by

Alex Barth

Alex Barth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
typeflat

Prerequisites

  • The computer requesting the certificate must have Enroll permissions for the requested certificate template

    • Contact the Active Directory team for assistance with certificate template permissions

  • The requested certificate requires one or more values that are not supported by InCommon certificates such as:

    • Lifetimes exceeding 398 days

    • EKUs

      Extended Key Usages other than Digital Signature and Key Encipherment 

    • Subject Alternate Names that are not

      under the utexas.edu

      in an approved DNS domain

    • Subject Alternate Names that are not DNS addresses such as an IP Address name

Submit the certificate request to an Austin CAs

  1. Sign in to a computer joined to the Austin Active Directory where the

...

  1. computer has permissions to

...

  1. enroll for a certificate

...

  1. from the

...

  1. requested template

  2. Start an administrative PowerShell session as a local

...

Info

Complete any remaining instructions in this PowerShell session unless directed otherwise

Modify then run the following commands to define the full path to certificate request file:

...

  1. administrator

  2. Navigate to the path where the certificate request is stored.

  3. Run the following commands to retrieve the name of certificate request:

    Code Block
    languagepowershell
    $Name = Read-Host -Prompt "Provide the name of the certificate request file"

  4. Run the following commands to retrieve the certificate to be imported: 

    Code Block
    languagepowershell
    $Request = Get-ChildItem | Where-Object { $_.Name -Match $Name } | Sort-Object -Property LastWriteTime | Select-Object -Last 1

  5. Run one of the following commands to set the certificate template:

    • For VMware SSL certificates, run the following: 

      Code Block

...

    • languagepowershell
      $Template = "VMwareSSL6.5"

    • For long-duration server certificates, run the following: 

      Code Block

...

    • languagepowershell
      $Template = "Server-10Year"

  2. Run the following commands to define where the signed certificate file will be created using the certificate request file

    Code Block

...

  1. languagepowershell
    $Certificate =

...

  1. $Request.FullName -replace "$($Request.Extension)$", '.cer'

  2. Run the following commands to submit the request to

...

  1. the Austin

...

  1. Certificates service:

    Code Block
    languagepowershell
    certreq -submit -attrib

...

  1. "CertificateTemplate:$Template"

...

  1. $Request.FullName $Certificate