Create the request
- Open an MMC window
- Add the Certificates snap-in
- Note: certain certificates can only be requested by user or computer accounts; set the snap-in account appropriately
- Expand Certificates then right click on Personal
- Select All Tasks then Request New Certificate...
- Click Next then select Active Directory Enrollment Policy
- Click Next then check the box next to the name of the desired template
- Utilize VMware SSL 6.5 for any VMware products or interaction
- Utilize Server (10 Year Duration) for long duration use cases (requires permissions from the AD team)
- Utilize Web Server with IPSEC for default use cases that require IPSec (such as printers that need IPsec and HTTPS)
- Utilize Web Server 2048 bit key for all other default cases
- Click on Details on the desired template to expand the request information then click Properties
- Set the Subject name type drop down to Common name
- Set the Subject name value to the FQDN for the certificate then click Add to include the value on the certificate
- Set the Alternate name type drop down to DNS name
- Set the Alternate name value to the FQDN for the certificate then click Add to include the value on the certificate
- Repeat the previous step as necessary to add additional FQDNs to the certificate
- Click OK then click Enroll
Export the keypair (optional)
- Open an MMC window
- Add the Certificates snap-in
- Note: certain certificates can only be requested by user or computer accounts; set the snap-in account appropriately
- Expand Certificates then Certificate Enrollment Requests then Certificates
- Right click on the certificate to export and select All tasks... then Export...
- Click Next then select Yes, export the private key
- Click Next twice
- Check the Password box and set a complex password
- Click Next
- Specify a file name for the certificate request
- Click Next then click Finish