| Table of Contents | ||
|---|---|---|
|
Define the certificate subject and subject alternative names
Sign in to a computer then start an administrative PowerShell session
Modify then run the following commands to set the subject and template of the certificate as well as any optional DNS or IP Address subject alternate name values:
Code Block language powershell $cert_fqdn$Subject = <FQDN"<subject for the certificate>" $cert_sans$SubjectAlternateNames = @("<certificate SAN #1>","<certificate SAN #2>",...) $cert_ipaddrs$CertificateIPAddresses = @("<certificate IP address #1>","<certificate IP address #2>",...)
Create the certificate request
Run the following commands to define the newline string:
Code Block language powershell $NewLine = [System.Environment]::NewLineRun the following commands to create the temporary files for the certificate policy file and certificate request file:
Code Block language powershell $cert_file_inf$CertificateTemplateFile = New-TemporaryFile $cert_file_req$CertificateRequestFile = New-TemporaryFile
Run the following commands to create define the certificate template file for certreq.exe (aka the certificate .INF file):
Code Block $cert_file_content language powershell $CertificateTemplate = @"' [Version] Signature=`"`$Windows$Windows NT`$`NT$" [NewRequest] Subject=`"CN=$cert_fqdn`" # the following allows the certificate to be exported Exportable=TRUE # the following places the certificate in the computer store %Subject%" Exportable=TRUE MachineKeySet=TRUE KeyLength=2048 KeySpec=AT_KEYEXCHANGE [Extensions] 2.5.29.17=`"{text}`" _continue_=`"DNS=$cert_fqdn%Subject%&`" "@ Set-Content -Path $cert_file_inf -Value $cert_file_content'@
Run the following commands to update the subject in the certificate template:
Code Block language powershell $CertificateTemplate = $CertificateTemplate.Replace('%Subject%', $Subject)Run the following commands to add any optional DNS subject alternate names to the certificate policy filetemplate:
Code Block language powershell ForEach ($san$SubjectAlternateName in $cert_sans$SubjectAlternateNames) {Add-Content -Path $cert_file_inf -Value ("$CertificateTemplate = '{0}{1}_continue_=`"DNS=$san{2}&`"")"' -f $CertificateTemplate, $NewLine, $SubjectAlternateName }
Run the following commands to add any optional IP Address subject alternate names to the certificate policy filetemplate:
Code Block language powershell ForEach ($ipaddr$CertificateIPAddress in $cert_ipaddrs$CertificateIPAddresses) {Add-Content -Path $cert_file_inf -Value ("$CertificateTemplate = '{0}{1}_continue_=`"IPAddress=$ipaddr&`"")}"IPAddress={2}&"' -f $CertificateTemplate, $NewLine, $CertificateIPAddress }
Run the following commands to trim the certificate template:
Code Block language powershell $CertificateTemplate = $CertificateTemplate -replace '&"\s*$', '"'Run the following commands to write the certificate template file:
Code Block language powershell $Content | Out-File -FilePath $CertificateTemplateFile -ForceRun the following commands to to review the certificate policy template file:
Code Block language powershell Get-Content $cert_file_inf -Path $CertificateTemplateFile
Run the following commands to create the certificate request file:
Code Block language powershell certreq -new -f $cert_file_inf $cert_file_req$CertificateTemplateFile $CertificateRequestFile
Run the following commands to review the certificate request file:
Code Block language powershell Get-Content $cert_file_req-Path $CertificateRequestFile
Run the following commands to retrieve the certificate request file name:
Code Block language powershell Get-Item $cert_file_req-Path $CertificateRequestFile
Submit the certificate request to a certificate authority
To submit the certificate request to the preferred InCommon certificate authority, review and complete the SSL Request form in ServiceNow
To submit the certificate request to the internal Austin certificate authority, complete the instructions on the following page: Austin Certificates - How-To - Submit custom certificates requests