Prerequisites
- The requested certificate requires values that are not supported by InCommon such as:
- Lifetimes exceeding 398 days
- EKUs other than Digital Signature and Key Encipherment
- Subject Alternate Names that are not in an approved DNS domain
- Subject Alternate Names that are not DNS addresses such as an IP Address name
Submit the certificate request to an Austin CAs
- Sign in to a computer joined to the Austin Active Directory where the system has permissions to enroll for a certificate from the requested template
Start an administrative PowerShell session as a local administrator
Complete any remaining instructions in this PowerShell session unless directed otherwise
Modify then run the following commands to define the full path to certificate request file:
$cert_file_req = C:\Content\certificate\custom.req
Run one of the following commands to set the certificate template:
For VMware SSL certificates, run the following:
$cert_template = "VMwareSSL6.5"
For long-duration server certificates, run the following:
$cert_template = "Server-10Year"
Run the following commands to define where the signed certificate file will be created using the certificate request file
$cert_file_cer = (Get-Item $cert_file_req).DirectoryName + "\" + (Get-Item $cert_file_req).BaseName + ".cer"
Run the following commands to submit the request to an Austin certificate authority:
certreq -submit -attrib ("CertificateTemplate:" + $cert_template) $cert_file_req $cert_file_cer