Versions Compared

Version Old Version 6 New Version Current
Changes made by

Alex Barth

Alex Barth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
typeflat

Prerequisites

  • The computer requesting the certificate must have Enroll permissions for the requested certificate template

    • Contact the Active Directory team for assistance with certificate template permissions

  • The requested certificate requires one or more values that are not supported by InCommon certificates such as:

    • Lifetimes exceeding 398 days

    • EKUs

      Extended Key Usages other than Digital Signature and Key Encipherment 

    • Subject Alternate Names that are not in an approved DNS domain

    • Subject Alternate Names that are not DNS addresses such as an IP Address name

Submit the certificate request to an Austin CAs

  1. Sign in to a computer joined to the Austin Active Directory where the computer has permissions to enroll for a certificate from the requested template

  2. Start an administrative PowerShell session as a local

...

Info

Complete any remaining instructions in this PowerShell session unless directed otherwise

  1. administrator

  2. Navigate to the path where the certificate request is stored.

  3. Run the following commands to

...

  1. retrieve the name of certificate request

...

  1. :

    Code Block

...

  1. languagepowershell
    $Name = Read-Host -Prompt "Provide the name of the certificate request file"

  2. Run the following commands

...

  1. to retrieve the certificate to be imported: 

    Code Block

...

  1. languagepowershell
    $Request = Get-ChildItem

...

  1.  | Where-Object { $_.Name -Match

...

  1. $Name } | Sort-Object -Property LastWriteTime | Select-Object -Last 1

  2. Run one of the following commands to set the certificate template:

    • For VMware SSL certificates, run the following: 

      Code Block

...

    • languagepowershell
      $Template = "VMwareSSL6.5"

    • For long-duration server certificates, run the following: 

      Code Block

...

    • languagepowershell
      $Template = "Server-10Year"

  2. Run the following commands to define where the signed certificate file will be created using the certificate request file

    Code Block

...

  1. languagepowershell
    $Certificate =

...

  1. $Request.FullName -

...

  1. replace "$($Request.Extension)$", '.cer'

  2. Run the following commands to submit the request to

...

  1. the Austin

...

  1. Certificates service:

    Code Block
    languagepowershell
    certreq -submit -attrib

...

  1. "CertificateTemplate:$Template"

...

  1. $Request.FullName $Certificate