Austin Certificates - How-To - Submit custom certificates requests

Prerequisites

• The computer requesting the certificate must have Enroll permissions for the requested certificate template

  • Contact the Active Directory team for assistance with certificate template permissions

• The requested certificate requires one or more values that are not supported by InCommon certificates such as:

  • Lifetimes exceeding 398 days

  • Extended Key Usages other than Digital Signature and Key Encipherment 

  • Subject Alternate Names that are not in an approved DNS domain

  • Subject Alternate Names that are not DNS addresses such as an IP Address name

Submit the certificate request to an Austin CAs

1. Sign in to a computer joined to the Austin Active Directory where the computer has permissions to enroll for a certificate from the requested template

2. Start an administrative PowerShell session as a local administrator

3. Navigate to the path where the certificate request is stored.

4. Run the following commands to retrieve the name of certificate request:

   $Name = Read-Host -Prompt "Provide the name of the certificate request file"

5. Run the following commands to retrieve the certificate to be imported: 

   $Request = Get-ChildItem | Where-Object { $_.Name -Match $Name } | Sort-Object -Property LastWriteTime | Select-Object -Last 1

6. Run one of the following commands to set the certificate template:

   • For VMware SSL certificates, run the following: 

     $Template = "VMwareSSL6.5"

   • For long-duration server certificates, run the following: 

     $Template = "Server-10Year"

7. Run the following commands to define where the signed certificate file will be created using the certificate request file

   $Certificate = $Request.FullName -replace "$($Request.Extension)$", '.cer'

8. Run the following commands to submit the request to the Austin Certificates service:

   certreq -submit -attrib "CertificateTemplate:$Template" $Request.FullName $Certificate