
Skip ahead to the Submit the certificate request section for an existing certificate request.

Prerequisites

  • For Austin CA certificates, the computer referenced in the following instructions must have Enroll permissions for the requested certificate template
    • Contact the AD team for assistance with certificate template permissions

Define the certificate subject and subject alternative names

  1. Sign in to a computer, then start an administrative PowerShell session

Complete any remaining instructions in this PowerShell session unless directed otherwise

  2. Modify then run the following commands to set the subject and template of the certificate as well as any optional DNS or IP Address subject alternate name values:

    $Subject = "<subject for the certificate>"
    $SubjectAlternateNames = @("<certificate SAN #1>","<certificate SAN #2>",...)
    $CertificateIPAddresses = @("<certificate IP address #1>","<certificate IP address #2>",...)

Create the certificate request

...

  1. Run the following commands to define the newline string:

    $NewLine = [System.Environment]::NewLine
  2. Run the following commands to create the temporary files:

    $CertificateTemplateFile = New-TemporaryFile
    $CertificateRequestFile = New-TemporaryFile
  3. Run the following commands to define the certificate template:

    $CertificateTemplate = @'
    [Version]
    Signature="$Windows NT$"

    [NewRequest]
    Subject="CN=%Subject%"
    Exportable=TRUE
    MachineKeySet=TRUE
    KeyLength=2048
    KeySpec=AT_KEYEXCHANGE

    [Extensions]
    2.5.29.17="{text}"
    _continue_="DNS=%Subject%&"
    '@
  4. Run the following commands to update the subject in the certificate template:

    $CertificateTemplate = $CertificateTemplate.Replace('%Subject%', $Subject)
  5. Run the following commands to add any optional DNS subject alternate names to the certificate template:

    ForEach ($SubjectAlternateName in $SubjectAlternateNames) { $CertificateTemplate = '{0}{1}_continue_="DNS={2}&"' -f $CertificateTemplate, $NewLine, $SubjectAlternateName }
  6. Run the following commands to add any optional IP Address subject alternate names to the certificate template:

    ForEach ($CertificateIPAddress in $CertificateIPAddresses) { $CertificateTemplate = '{0}{1}_continue_="IPAddress={2}&"' -f $CertificateTemplate, $NewLine, $CertificateIPAddress }
  7. Run the following commands to trim the certificate template:

    $CertificateTemplate = $CertificateTemplate -replace '&"\s*$', '"'
  8. Run the following commands to write the certificate template file:

    $CertificateTemplate | Out-File -FilePath $CertificateTemplateFile -Force
  9. Run the following commands to review the certificate template file:

    Get-Content -Path $CertificateTemplateFile
  10. Run the following commands to create the certificate request file:

    certreq -new -f $CertificateTemplateFile $CertificateRequestFile
  11. Run the following commands to review the certificate request file:

    Get-Content -Path $CertificateRequestFile
  12. Run the following commands to retrieve the certificate request file name:

    Get-Item -Path $CertificateRequestFile
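
The template-building steps above substitute the subject and SAN values directly into the INF text, so a value containing `&` or `"` would change the structure of the file that certreq reads. The following is an added example, not part of the original page: it builds the same template in a single function and validates the inputs first. The function name `New-CertReqInf` and the sample values in the final comment are hypothetical.

```powershell
# Added example: builds the same certreq INF as the steps above, with input validation.
# New-CertReqInf is a hypothetical helper name, not part of certreq or the original page.
function New-CertReqInf {
    param(
        [Parameter(Mandatory)] [string] $Subject,
        [string[]] $DnsNames    = @(),
        [string[]] $IpAddresses = @()
    )

    # '&' separates SAN entries and '"' delimits INF values, so neither may appear in input.
    foreach ($Value in (@($Subject) + $DnsNames + $IpAddresses)) {
        if ($Value -match '[&"\r\n]') {
            throw "Value '$Value' contains a character that would alter the INF structure"
        }
    }

    # Reject any IP SAN that does not parse as an IPv4 or IPv6 address.
    foreach ($Ip in $IpAddresses) {
        $Parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($Ip, [ref]$Parsed)) {
            throw "'$Ip' is not a valid IP address"
        }
    }

    # The subject is always the first DNS SAN, as in the template above; exact duplicates are dropped.
    $SanEntries  = @(@($Subject) + $DnsNames | Select-Object -Unique | ForEach-Object { "DNS=$_" })
    $SanEntries += @($IpAddresses | Select-Object -Unique | ForEach-Object { "IPAddress=$_" })

    $Lines = @(
        '[Version]', 'Signature="$Windows NT$"', '',
        '[NewRequest]', "Subject=`"CN=$Subject`"", 'Exportable=TRUE', 'MachineKeySet=TRUE',
        'KeyLength=2048', 'KeySpec=AT_KEYEXCHANGE', '',
        '[Extensions]', '2.5.29.17="{text}"'
    )
    # Every entry except the last ends with '&', the same result the trim step produces.
    for ($i = 0; $i -lt $SanEntries.Count; $i++) {
        $Suffix = if ($i -lt $SanEntries.Count - 1) { '&' } else { '' }
        $Lines += '_continue_="{0}{1}"' -f $SanEntries[$i], $Suffix
    }
    return ($Lines -join [System.Environment]::NewLine)
}

# Constructed sample call (placeholder host names and documentation-range IP address):
# New-CertReqInf -Subject 'host.example.test' -DnsNames 'alias.example.test' -IpAddresses '192.0.2.10' |
#     Out-File -FilePath $CertificateTemplateFile -Force
```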

Submit the certificate request to a certificate authority

  • To submit the certificate request to the preferred InCommon certificate authority, review and complete the SSL Request form in ServiceNow
  • To submit the certificate request to the internal Austin certificate authority, complete the instructions on the following

...

Accept the certificate request

...

  1. Ensure the certificate is on or accessible by the system that created the original certificate request
  2. Log into the system that created the original certificate request
  3. Start an administrative PowerShell session and set the $cert_file_cer object to the full path of the signed certificate file that will be accepted

In the same administrative PowerShell prompt, run the following to accept the response: 

...

References