Request a server certificate from the Austin CAs via PowerShell

1. Sign into a Windows system joined to the Austin Active Directory where the system has permissions to request a certificate from the desired template.

2. Start an administrative PowerShell session

3. Modify then run the following commands to define the required and optional DNS host names for the certificate: 

   $cert_url = <FQDN for the certificate> $cert_san = @("<FQDN for certificate SAN #1>","<FQDN for certificate SAN #2>",...)

   
   

4. In the same administrative PowerShell session, run the following to format the subject names on the certificate: 

   $cert_sub = ("CN=" + $cert_url) If ($cert_san) {$cert_dns = $cert_san + $cert_url} Else {$cert_dns = $cert_url}

   
   

5. In the same administrative PowerShell session, run one of the following to set the certificate template:

   • For a Server (10 year duration) certificate, run the following: 

     $cert_template = "Server-10year"

     
     

   • For a VMware SSL certificate, run the following: 

     $cert_template = "VMwareSSL6.5"

     
     

6. In the same administrative PowerShell session, run the following to request the certificate:

   # request the certificate for the local computer Get-Certificate -Url ldap: -CertStoreLocation "Cert:\LocalMachine\My" -Template $cert_template -SubjectName $cert_sub -DnsName $cert_dns

   
   

Request a user certificate from the Austin CAs via PowerShell

1. Log into a system joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
2. Start an administrative PowerShell session then run one of the following: 
   

   • For a Code Signing certificate, run the following: 

     # request the certificate for the current user Get-Certificate -Url ldap: -CertStoreLocation "Cert:\CurrentUser\My" -Template "CodeSigning(Exportable)"