Prerequisites
- The requested certificate requires one or more values that are not supported by InCommon certificates such as:
- Lifetimes exceeding 398 days
- EKUs other than Digital Signature and Key Encipherment
- Subject Alternate Names that are not in an approved DNS domain
- Subject Alternate Names that are not DNS addresses such as an IP Address name
Submit the certificate request to an Austin CAs
- Sign in to a computer joined to the Austin Active Directory where the computer has permissions to enroll for a certificate from the requested template
Start an administrative PowerShell session as a local administrator
Complete any remaining instructions in this PowerShell session unless directed otherwise
Run the following commands to define the certificate request file:
$path_req = Read-Host -Prompt "Provide the path to the certificate request file" $name_req = Read-Host -Prompt "Provide the name of the certificate request file"
Run the following commands to retrieve the certificate to be imported:
$file_req = Get-ChildItem -Path $path_req | Where-Object { $_.Name -Match $name_req } | Sort-Object -Property LastWriteTime | Select-Object -Last 1Run one of the following commands to set the certificate template:
For VMware SSL certificates, run the following:
$cert_template = "VMwareSSL6.5"
For long-duration server certificates, run the following:
$cert_template = "Server-10Year"
Run the following commands to define where the signed certificate file will be created using the certificate request file
$file_cer = Join-Path -Path $path_req -ChildPath ($file_req.BaseName + ".cer")
Run the following commands to submit the request to an Austin certificate authority:
certreq -submit -attrib ("CertificateTemplate:" + $cert_template) $file_req $file_cer