Create the Austin certificate via PowerShell
...
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
...
Open an administrative PowerShell prompt
...
In the same administrative PowerShell prompt, navigate to the location where the certificate request should be created:
| Code Block |
|---|
#example
Set-Location C:\Working |
In the same administrative PowerShell prompt, run the following command to set the subject, any optional subject alternate names, and template of the certificate:
...
| Table of Contents | ||
|---|---|---|
|
Define the certificate subject and subject alternative names
Sign in to a computer then start an administrative PowerShell session
Modify then run the following commands to set the subject and template of the certificate as well as any optional DNS or IP Address subject alternate name values:
Code Block language powershell $Subject = "<subject for the certificate>"
...
$SubjectAlternateNames = @("<certificate SAN #1>","<certificate SAN #2>",...)
...
$CertificateIPAddresses =
...
In the same administrative PowerShell session, run one of the following:
...
@("<certificate IP address #1>","<certificate IP address #2>",...)
Create the certificate request
Run the following commands to define the newline string:
Code Block
...
$cert_subject = ("CN=" + $cert_url")In the same administrative PowerShell prompt, run the following to create the INF file then open the INF file to review the output:
...
language powershell $NewLine = [System.Environment]::NewLineRun the following commands to create the temporary files:
Code Block language powershell $CertificateTemplateFile = New-TemporaryFile $CertificateRequestFile = New-TemporaryFileRun the following commands to define the certificate template:
Code Block language powershell $CertificateTemplate = @' [Version] Signature=
...
"
...
$Windows
...
NT$" [NewRequest] Subject=
...
"CN=%Subject%" Exportable=TRUE MachineKeySet=TRUE KeyLength=2048 KeySpec=AT_KEYEXCHANGE [Extensions] 2.5.29.17=
...
"{text}
...
" _continue_=
...
"DNS=
...
%Subject%&
...
"
...
'@Run the following commands to update the subject in the certificate template:
Code Block language powershell $CertificateTemplate = $CertificateTemplate.Replace('%Subject%', $Subject)Run the following commands to add any optional DNS subject alternate names to the
...
certificate template:
Code Block language powershell ForEach (
...
$SubjectAlternateName in
...
$SubjectAlternateNames) {
...
$CertificateTemplate = '{0}{1}_continue_=
...
"DNS=
...
{2}&
...
In the same administrative PowerShell prompt, run the following to create the request, submit the request to a certificate authority, then accept the response:
| Code Block |
|---|
$cert_file_req = ((Get-Location).Path + "\" + $cert_file + ".req")
$cert_file_cer = ((Get-Location).Path + "\" + $cert_file + ".cer")
certreq -new $cert_file_inf $cert_file_req
certreq -submit -attrib ("CertificateTemplate:" + $cert_template) $cert_file_req $cert_file_cer
certreq -accept $cert_file_cer |
Export the Austin certificate via PowerShell
...
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
...
Open an administrative PowerShell prompt
...
In the same administrative PowerShell prompt, run the following command to set the filename and subject of the certificate:
| Code Block |
|---|
$cert_url = <FQDN for the certificate> |
In the same administrative PowerShell prompt, run one or more of the following to export the certificate:
...
To export the public and private keys to a PFX file, run the following commands:
| Code Block |
|---|
$cert_file = $cert_url.Split(".")[0] + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
$cert_file_pfx = ((Get-Location).Path + "\" + $cert_file + ".pfx")
$cert_cred = Get-Credential -Credential "Certificate"
$cert_obj = Get-ChildItem -Path "cert:\LocalMachine\My" | Where-Object {$_.Subject -match $cert_url} | Sort-Object NotBefore -Descending | Select-Object -First 1
$cert_obj | Export-PfxCertificate -FilePath $cert_file_pfx -Password $cert_cred.Password |
To export the public key to a CRT and a PEM file, run the following commands:
...
"' -f $CertificateTemplate, $NewLine, $SubjectAlternateName }Run the following commands to add any optional IP Address subject alternate names to the certificate template:
Code Block language powershell ForEach ($CertificateIPAddress in $CertificateIPAddresses) { $CertificateTemplate = '{0}{1}_continue_="IPAddress={2}&"' -f $CertificateTemplate, $NewLine, $CertificateIPAddress }Run the following commands to trim the certificate template:
Code Block language powershell $CertificateTemplate = $CertificateTemplate -replace '&"\s*$', '"'Run the following commands to write the certificate template file:
Code Block language powershell $Content | Out-File -FilePath $CertificateTemplateFile -ForceRun the following commands to review the certificate template file:
Code Block language powershell Get-Content -Path $CertificateTemplateFileRun the following commands to create the certificate request file:
Code Block language powershell certreq -new -f $CertificateTemplateFile $CertificateRequestFileRun the following commands to review the certificate request file:
Code Block language powershell Get-Content -Path $CertificateRequestFileRun the following commands to retrieve the certificate request file name:
Code Block language powershell Get-Item -Path $CertificateRequestFile
Submit the certificate request to a certificate authority
To submit the certificate request to the preferred InCommon certificate authority, review and complete the SSL Request form in ServiceNow
To submit the certificate request to the internal Austin certificate authority, complete the instructions on the following page: Austin Certificates - How-To - Submit custom certificates requests