Austin Certificates - How-To - Create custom certificates requests

[ 1 Define the certificate subject and subject alternative names ] [ 2 Create the certificate request ] [ 3 Submit the certificate request to a certificate authority ] [ 4 References ]

Define the certificate subject and subject alternative names

Sign in to a computer then start an administrative PowerShell session
Modify then run the following commands to set the subject and template of the certificate as well as any optional DNS or IP Address subject alternate name values:
$Subject = "<subject for the certificate>" $SubjectAlternateNames = @("<certificate SAN #1>","<certificate SAN #2>",...) $CertificateIPAddresses = @("<certificate IP address #1>","<certificate IP address #2>",...)

Create the certificate request

Run the following commands to define the newline string:
$NewLine = [System.Environment]::NewLine
Run the following commands to create the temporary files:
$CertificateTemplateFile = New-TemporaryFile $CertificateRequestFile = New-TemporaryFile
Run the following commands to define the certificate template:
$CertificateTemplate = @' [Version] Signature="$Windows NT$" [NewRequest] Subject="CN=%Subject%" Exportable=TRUE MachineKeySet=TRUE KeyLength=2048 KeySpec=AT_KEYEXCHANGE [Extensions] 2.5.29.17="{text}" _continue_="DNS=%Subject%&" '@
Run the following commands to update the subject in the certificate template:
$CertificateTemplate = $CertificateTemplate.Replace('%Subject%', $Subject)
Run the following commands to add any optional DNS subject alternate names to the certificate template:
ForEach ($SubjectAlternateName in $SubjectAlternateNames) { $CertificateTemplate = '{0}{1}_continue_="DNS={2}&"' -f $CertificateTemplate, $NewLine, $SubjectAlternateName }
Run the following commands to add any optional IP Address subject alternate names to the certificate template:
ForEach ($CertificateIPAddress in $CertificateIPAddresses) { $CertificateTemplate = '{0}{1}_continue_="IPAddress={2}&"' -f $CertificateTemplate, $NewLine, $CertificateIPAddress }
Run the following commands to trim the certificate template:
$CertificateTemplate = $CertificateTemplate -replace '&"\s*$', '"'
Run the following commands to write the certificate template file:
$Content | Out-File -FilePath $CertificateTemplateFile -Force
Run the following commands to review the certificate template file:
Get-Content -Path $CertificateTemplateFile
Run the following commands to create the certificate request file:
certreq -new -f $CertificateTemplateFile $CertificateRequestFile
Run the following commands to review the certificate request file:
Get-Content -Path $CertificateRequestFile
Run the following commands to retrieve the certificate request file name:
Get-Item -Path $CertificateRequestFile

Submit the certificate request to a certificate authority

To submit the certificate request to the preferred InCommon certificate authority, review and complete the SSL Request form in ServiceNow
To submit the certificate request to the internal Austin certificate authority, complete the instructions on the following page: Austin Certificates - How-To - Submit custom certificates requests

References

Certreq - https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certreq_1