/
Austin Certificates - How-To - Request internal certificates via MMC

Austin Certificates - How-To - Request internal certificates via MMC

Owned by Alex Barth
Last updated: Jan 13, 2025
2 min read

The following instructions allow a user to request an internal certificate from the Austin CAs. 

Create the request

  1. Sign in to the computer where the certificate will be created

  2. Open one of the following consoles:

    • Open certlm.msc for machine certificates

    • Open certmgr.msc for user certificates

  3. Expand Certificates then right click on Personal

  4. Select All Tasks then Request New Certificate...

  5. Click Next then select Active Directory Enrollment Policy

  6. Click Next then check the box next to the name of the desired template

    • Utilize VMware SSL 6.5 for any VMware products or interaction

    • Utilize Server (10 Year Duration) for long duration use cases (requires permissions from the AD team)

    • Utilize Web Server with IPSEC for use cases that require IPSec (such as printers that need IPsec and HTTPS)

    • Utilize Web Server 2048 bit key for all other default cases

  7. Expand Details and select Properties

  8. On the General tab, set a friendly name for certificate

    • Ex. the name on the certificate and the date

  9. On the Subject tab, set the following as appropriate:

    1. A subject name of type common name with the name on the certificate

    2. An alternative name of type DNS with the name on the certificate

    3. All other required additional names of type DNS with the subject alternate names on the certificate

  10. On the Extensions tab, set the following as appropriate:

    1. Set the key usages to digital signature and key encipherment

    2. Set the extended key usage to server authentication

  11. On the Private Key tab, set the following as appropriate:

    1. Set the key options to a key size of at least 2048 

    2. Check the Make private key exportable option if the certificate needs to be utilized on multiple systems

  12. Click OK then click Enroll

Export the keypair (optional)

  1. Locate then right click on the certificate

  2. Select All tasks... then Export...

  3. Click Next then select Yes, export the private key

  4. Click Next twice

  5. Check the Password box and set a complex password

  6. Click Next 

  7. Specify a file name for the certificate request

  8. Click Next then click Finish

 

Confluence Documentation | Web Privacy Policy | Web Accessibility