Skip to the second section if submitting an existing certificate request.
Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template
Open an administrative PowerShell prompt
In the same administrative PowerShell prompt, navigate to the location where the certificate request should be created:
# Example
Set-Location C:\Working
In the same administrative PowerShell prompt, run the following command to set the subject, any optional DNS or IP Address subject alternate names, and template of the certificate:
$cert_url = "<FQDN for the certificate>"
$cert_sans = @("<certificate SAN #1>","<certificate SAN #2>",...)
$cert_ipaddrs = @("<certificate IP address #1>","<certificate IP address #2>",...)
In the same administrative PowerShell session, run one of the following:
For VMware SSL certificates, run the following:
$cert_template = "VMwareSSL6.5"
In the same administrative PowerShell prompt, run the following to create the INF file then open the INF file to review the output:
$cert_file = $cert_url + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
$cert_file_inf = ((Get-Location).Path + "\" + $cert_file + ".inf")
$cert_file_content = @"
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
Subject=`"CN=$cert_url`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
[Extensions]
2.5.29.17=`"{text}`"
_continue_=`"DNS=$cert_url&`"
"@
New-Item $cert_file_inf -Type File -Force
Set-Content $cert_file_inf $cert_file_content
In the same administrative PowerShell prompt, run the following to add any DNS subject alternate names to the INF file:
ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
In the same administrative PowerShell prompt, run the following to add any IP Address subject alternate names to the INF file:
ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}
In the same administrative PowerShell prompt, run the following to create the request:
$cert_file_req = ((Get-Location).Path + "\" + $cert_file + ".req")
$cert_file_cer = ((Get-Location).Path + "\" + $cert_file + ".cer")
certreq -new $cert_file_inf $cert_file_req
In the same administrative PowerShell session, run one of the following to set the certificate template:
For VMware SSL certificates, run the following:
$cert_template = "VMwareSSL6.5"
For long-duration server certificates, run the following:
$cert_template = "Server-10Year"
In the same administrative PowerShell prompt, run the following to submit the request to a certificate authority then accept the response:
certreq -submit -attrib ("CertificateTemplate:" + $cert_template) $cert_file_req $cert_file_cer
certreq -accept $cert_file_cer
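The steps above write $cert_sans and $cert_ipaddrs straight into the INF file, so a malformed entry ends up in the request unchecked. The following is an added example, not part of the original procedure, that validates those values first; Test-SanInput is a hypothetical helper name and the sample values are constructed.

```powershell
# Added example: check SAN inputs before they are interpolated into the INF file.
# Test-SanInput is a hypothetical helper name, not part of certreq or this procedure.
function Test-SanInput {
    param(
        [string[]]$DnsNames = @(),
        [string[]]$IpAddresses = @()
    )
    $errors = @()
    # One DNS label: letters, digits and hyphens, no leading or trailing hyphen,
    # at most 63 characters. Wildcard names are not accepted by this check.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    foreach ($name in $DnsNames) {
        # The anchored match also rejects '&', quotes, spaces and line breaks,
        # any of which would change the _continue_ lines written to the INF.
        if ($name.Length -gt 253 -or $name -notmatch "\A$label(\.$label)*\z") {
            $errors += "Invalid DNS SAN: '$name'"
        }
    }
    foreach ($ip in $IpAddresses) {
        $parsed = $null
        # TryParse accepts shorthand such as '10.1'; comparing against the
        # canonical form rejects it, so addresses must be written out in full.
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or
            $parsed.ToString() -ne $ip) {
            $errors += "Invalid IP SAN: '$ip'"
        }
    }
    return ,$errors
}

# Constructed sample values: one DNS name was pasted with the INF separator
# still attached, and one IP address is in shorthand form.
$sample_sans    = @("vcenter01.example.com", "web01.example.com&")
$sample_ipaddrs = @("192.0.2.10", "10.1")
$problems = Test-SanInput -DnsNames $sample_sans -IpAddresses $sample_ipaddrs
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "SAN inputs are well-formed."
}
```

Run the check with $cert_sans and $cert_ipaddrs before the step that creates the INF file. After certreq -new, certutil -dump $cert_file_req shows the subject alternative names actually encoded in the request.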