The following instructions allow a user to request an internal certificate from the Austin CAs.
Create the request
- Sign in to the computer where the certificate will be created
- Open one of the following consoles:
  - Open certlm.msc for machine certificates
  - Open certmgr.msc for user certificates
- Expand Certificates then right click on Personal
- Select All Tasks then Request New Certificate...
- Click Next then select Active Directory Enrollment Policy
- Click Next then check the box next to the name of the desired template
  - Utilize VMware SSL 6.5 for any VMware products or interaction
  - Utilize Server (10 Year Duration) for long duration use cases (requires permissions from the AD team)
  - Utilize Web Server with IPSEC for use cases that require IPsec (such as printers that need IPsec and HTTPS)
  - Utilize Web Server 2048 bit key for all other default cases
- Expand Details and select Properties
- On the General tab, set a friendly name for the certificate
  - For example, the name on the certificate and the date
- On the Subject tab, set the following as appropriate:
  - A subject name of type common name with the name on the certificate
  - An alternative name of type DNS with the name on the certificate
  - All other required additional names of type DNS with the subject alternate names on the certificate
- On the Extensions tab, set the following as appropriate:
  - Set the key usages to digital signature and key encipherment
  - Set the extended key usage to server authentication
- On the Private Key tab, set the following as appropriate:
  - Set the key options to a key size of at least 2048
  - Check the Make private key exportable option if the certificate needs to be utilized on multiple systems
- Click OK then click Enroll
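After enrollment, the issued certificate can be checked against the Subject, Extensions and Private Key settings above. The following PowerShell is an added example, not part of the original instructions; the function name Test-InternalServerCert is hypothetical, and it assumes RSA keys and Windows PowerShell 5.1 or later.

```powershell
# Added example: report whether each certificate matches the request settings above.
using namespace System.Security.Cryptography.X509Certificates

function Test-InternalServerCert {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [X509Certificate2]$Certificate
    )
    process {
        # Subject tab: the common name must also appear as a DNS alternative name.
        $cn  = $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)
        $san = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })

        # Extensions tab: digital signature + key encipherment, server authentication EKU.
        $ku = $Certificate.Extensions |
            Where-Object { $_ -is [X509KeyUsageExtension] } |
            Select-Object -First 1
        $wantKu = [X509KeyUsageFlags]::DigitalSignature -bor [X509KeyUsageFlags]::KeyEncipherment
        $eku = @($Certificate.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

        # Private Key tab: key size of at least 2048 ($rsa is $null for non-RSA keys).
        $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)

        [pscustomobject]@{
            Thumbprint    = $Certificate.Thumbprint
            CommonName    = $cn
            CnInSan       = $san -contains $cn
            KeyUsageOk    = ($null -ne $ku) -and (($ku.KeyUsages -band $wantKu) -eq $wantKu)
            ServerAuthEku = $eku -contains '1.3.6.1.5.5.7.3.1'   # OID for server authentication
            KeySizeOk     = ($null -ne $rsa) -and ($rsa.KeySize -ge 2048)
            HasPrivateKey = $Certificate.HasPrivateKey
        }
    }
}

# Machine certificates (certlm.msc > Personal); use Cert:\CurrentUser\My for user certificates.
Get-ChildItem Cert:\LocalMachine\My | Test-InternalServerCert | Format-Table -AutoSize
```

Any row with a False column points to a setting that was missed in the Properties dialog before clicking Enroll.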
Export the keypair (optional)
- Locate then right click on the certificate
- Select All Tasks then Export...
- Click Next then select Yes, export the private key
- Click Next twice
- Check the Password box and set a complex password
- Click Next
- Specify a file name for the exported certificate
- Click Next then click Finish