If you already have a certificate request, skip ahead to the Submit the certificate request section.
Prerequisites
- For Austin CA certificates, the computer referenced in the following instructions must have Enroll permissions for the requested certificate template
- Contact the AD team for assistance with certificate template permissions
Define the certificate subject and subject alternative names
Sign in to a computer joined to the Austin Active Directory, then start an administrative PowerShell session
Complete any remaining instructions in this PowerShell session unless directed otherwise
Modify then run the following commands to set the subject and template of the certificate as well as any optional DNS or IP address subject alternative name values:
$cert_fqdn = "<FQDN for the certificate>"
$cert_sans = @("<certificate SAN #1>","<certificate SAN #2>",...)
$cert_ipaddrs = @("<certificate IP address #1>","<certificate IP address #2>",...)
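The values set above are written verbatim into the certificate policy file, where the & and " characters delimit entries, so a malformed value changes how a subject alternative name line is parsed. The following check is an added example, not part of the original procedure; the function name Test-CertSanInput and the accepted name and address formats are assumptions of this example.

```powershell
# Added example, not part of the original procedure. Test-CertSanInput is a
# hypothetical helper name; the accepted formats are assumptions of this example.
function Test-CertSanInput {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [string[]]$DnsNames,
        [string[]]$IpAddresses
    )
    # One DNS label: letters, digits, hyphens, 1-63 characters, no hyphen at either end.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    # \A and \z anchor the whole string; unlike $, \z does not allow a trailing newline.
    # An optional leading "*." allows a wildcard name.
    $dnsPattern = '\A(?:\*\.)?' + $label + '(?:\.' + $label + ')*\z'
    $problems = @()

    # The subject name must be fully qualified (at least two labels).
    if ($Fqdn -notmatch '\.') { $problems += "Subject is not an FQDN: '$Fqdn'" }
    foreach ($name in @($Fqdn) + @($DnsNames | Where-Object { $null -ne $_ })) {
        if ($name.Length -gt 253 -or $name -notmatch $dnsPattern) {
            $problems += "Invalid DNS name: '$name'"
        }
    }
    foreach ($ip in $IpAddresses) {
        $parsed = $null
        $ok = [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)
        # TryParse accepts short forms such as "10.1"; require the canonical text form.
        if (-not $ok -or $parsed.ToString() -ne $ip) {
            $problems += "Invalid IP address: '$ip'"
        }
    }
    if ($problems.Count -gt 0) { throw ($problems -join [Environment]::NewLine) }
    return $true
}

# Constructed sample values: the second DNS name and the second address are rejected.
try {
    Test-CertSanInput -Fqdn 'app.example.org' `
        -DnsNames @('www.example.org', 'api.example.org&DNS=other.example.org') `
        -IpAddresses @('192.0.2.10', '10.1')
} catch { Write-Output $_.Exception.Message }

# Check the values set above before creating the policy file.
Test-CertSanInput -Fqdn $cert_fqdn -DnsNames $cert_sans -IpAddresses $cert_ipaddrs
```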
Create the certificate request
Review then run the following commands to create the temporary files for the certificate policy file and certificate request file:
$cert_file_inf = New-TemporaryFile
$cert_file_req = New-TemporaryFile
Run the following commands to create the certificate policy file:
$cert_file_content = @"
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
Subject=`"CN=$cert_fqdn`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
[Extensions]
2.5.29.17=`"{text}`"
_continue_=`"DNS=$cert_fqdn&`"
"@
New-Item $cert_file_inf -Type File -Force
Set-Content $cert_file_inf $cert_file_content
Run the following commands to add any optional DNS subject alternate names to the certificate policy file:
ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
Run the following commands to add any optional IP Address subject alternate names to the certificate policy file:
ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}
Run the following commands to create the certificate request file:
certreq -new $cert_file_inf $cert_file_req
Run the following commands to review the certificate request:
Get-Content $cert_file_req
Run the following commands to retrieve the certificate request file name:
Get-Item $cert_file_req
Submit the certificate request to InCommon
- Review and complete the SSL Request form in ServiceNow using the certificate request file generated above
Submit the certificate request to an Austin CA
- Complete the instructions on the following page using the certificate request file generated above:
Accept the certificate request
- If accepting a certificate file signed by an external certificate authority such as InCommon, complete the following instructions:
  - Ensure the certificate is on or accessible by the system that created the original certificate request
  - Log into the system that created the original certificate request
  - Start an administrative PowerShell session and set the $cert_file_cer object to the full path of the signed certificate file that will be accepted
In the same administrative PowerShell prompt, run the following to accept the response:
Import-Certificate -CertStoreLocation Cert:\LocalMachine\My -FilePath $cert_file_cer