Create the Austin certificate via PowerShell

  1. Log into a server joined to the Austin Active Directory as a user who has Enroll permission on the desired certificate template

  2. Open an administrative PowerShell prompt

  3. In the same administrative PowerShell prompt, navigate to the directory where the certificate request files should be created:

    # example
    Set-Location C:\Working
  4. In the same administrative PowerShell prompt, run the following to set the subject, any optional DNS or IP address subject alternative names (SANs), and the template of the certificate (the placeholder values must be quoted strings; `$cert_template` is used by the `certreq -submit` step later):

    $cert_url = "<FQDN for the certificate>"
    $cert_sans = @("<certificate SAN #1>","<certificate SAN #2>",...)
    $cert_ipaddrs = @("<certificate IP address #1>","<certificate IP address #2>",...)
    $cert_template = "<certificate template name>"
  5. In the same administrative PowerShell session, run one of the following:

  6. In the same administrative PowerShell prompt, run the following to create the INF file, then review the generated file before submitting it: 

    $cert_file = $cert_url + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
    $cert_file_inf = ((Get-Location).Path + "\" + $cert_file  + ".inf")
    # Exportable=TRUE lets the private key be exported from this machine's key store later;
    # set it to FALSE if the key should never leave this host.
    $cert_file_content = @"
    [Version]
    Signature=`"`$Windows NT`$`"

    [NewRequest]
    Subject=`"CN=$cert_url`"
    Exportable=TRUE
    MachineKeySet=TRUE
    KeyLength=2048

    [Extensions]
    2.5.29.17=`"{text}`"
    _continue_=`"DNS=$cert_url&`"
    "@

    New-Item $cert_file_inf -Type File -Force
    Set-Content $cert_file_inf $cert_file_content
    Get-Content $cert_file_inf   # review the INF before requesting
  7. In the same administrative PowerShell prompt, run the following to add any DNS subject alternative names to the INF file: 

    ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
  8. In the same administrative PowerShell prompt, run the following to add any IP address subject alternative names to the INF file: 

    ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}
  9. In the same administrative PowerShell prompt, run the following to create the request, submit the request to a certificate authority, then accept the response (the accepted certificate is installed in the local machine store because the INF sets MachineKeySet=TRUE):

    $cert_file_req = ((Get-Location).Path + "\" + $cert_file  + ".req")
    $cert_file_cer = ((Get-Location).Path + "\" + $cert_file  + ".cer")
    # generate the key pair and the CSR from the INF
    certreq -new $cert_file_inf $cert_file_req
    # submit to the CA; without -config, certreq prompts for a CA when more than one is available
    certreq -submit -attrib ("CertificateTemplate:" + $cert_template) $cert_file_req $cert_file_cer
    # install the issued certificate and bind it to the private key created by -new
    certreq -accept $cert_file_cer
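The steps above as one reusable function, plus a post-issuance check that the certificate the CA returned actually carries the requested subject and SANs before it is bound to a service. This is an added example, not part of the runbook; the function names, the `-Exportable` switch (off by default) and the sample host names are assumptions.

```powershell
# Builds the INF from steps 4-8 in one call; private key stays non-exportable unless -Exportable
function New-CertRequestInf {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [string[]]$DnsSans = @(),
        [string[]]$IpSans = @(),
        [int]$KeyLength = 2048,
        [switch]$Exportable
    )
    $lines = @(
        '[Version]', 'Signature="$Windows NT$"', '',
        '[NewRequest]', "Subject=`"CN=$Fqdn`"",
        "Exportable=$(if ($Exportable) { 'TRUE' } else { 'FALSE' })",
        'MachineKeySet=TRUE', "KeyLength=$KeyLength", '',
        '[Extensions]', '2.5.29.17="{text}"', "_continue_=`"DNS=$Fqdn&`""
    )
    foreach ($san in $DnsSans) { $lines += "_continue_=`"DNS=$san&`"" }
    foreach ($ip in $IpSans)   { $lines += "_continue_=`"IPAddress=$ip&`"" }
    $lines -join "`r`n"
}

# Reads the .cer returned by certreq -accept and checks subject and SANs against the request
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory)][string]$CerPath,
        [Parameter(Mandatory)][string]$Fqdn,
        [string[]]$DnsSans = @()
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
    $missing = @((@($Fqdn) + $DnsSans) | Where-Object { $sanText -notmatch [regex]::Escape($_) })
    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        SanMissing = $missing
        Ok         = ($cert.Subject -eq "CN=$Fqdn" -and $missing.Count -eq 0)
    }
}

# Constructed sample values (not real hosts)
$inf = New-CertRequestInf -Fqdn 'web01.austin.example' -DnsSans 'web01' -IpSans '10.0.0.5'
Set-Content -Path "$PWD\web01.inf" -Value $inf
# After step 9, verify what the CA actually issued before binding the certificate to a service:
# Test-IssuedCertificate -CerPath $cert_file_cer -Fqdn $cert_url -DnsSans $cert_sans
```

A template configured to build the subject from Active Directory will override the Subject in the INF, so a Subject mismatch reported by the check is worth investigating rather than ignoring.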