Create the Austin certificate via PowerShell

Note: this process must be run on the primary EID Feed server in each domain.

  1. Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template

  2. Open an administrative PowerShell prompt

  3. In the same administrative PowerShell prompt, navigate to the location where the certificate request should be created: 

    #example
    Set-Location C:\Working
  4. In the same administrative PowerShell prompt, run the following command to set the filename, subject, subject alternate names, and template of the certificate:  

    $cert_file = "<certificate request filename without extension>"
    $cert_url = "<FQDN for the certificate>"
    $cert_san = @("<certificate SAN #1>","<certificate SAN #2>",...)
    $cert_template = "<short name of the certificate template>"
  5. In the same administrative PowerShell prompt, run the following to create the INF file then open the INF file to review the output:


    $cert_file_inf = ((Get-Location).Path + "\" + $cert_file  + ".inf")
    $cert_file_content = @"
    [Version]
    Signature=`"`$Windows NT`$`"
     
    [NewRequest]
    Subject=`"CN=$cert_url`"
    Exportable=TRUE
    MachineKeySet=TRUE
    KeyLength=2048
     
    [Extensions]
    2.5.29.17=`"{text}`"
    _continue_=`"DNS=$cert_url&`"
    "@
     
    New-Item $cert_file_inf -Type File -Force
    Set-Content $cert_file_inf $cert_file_content
  6. In the same administrative PowerShell prompt, run the following to add any subject alternate names to the INF file: 

    ForEach ($san in $cert_san) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
  7. In the same administrative PowerShell prompt, run the following to create the request, submit the request to a certificate authority, then accept the response:

    $cert_file_req = ((Get-Location).Path + "\" + $cert_file  + ".req")
    $cert_file_cer = ((Get-Location).Path + "\" + $cert_file  + ".cer")
    certreq -new $cert_file_inf $cert_file_req
    certreq -submit -attrib CertificateTemplate:$cert_template $cert_file_req $cert_file_cer
    certreq -accept $cert_file_cer
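Before moving on to the export section, it is worth confirming that the certificate certreq installed actually carries the subject, SANs, key length and private key that the INF asked for. The following check is an added example, not part of the original procedure; it assumes $cert_url and $cert_san still hold the values set in step 4, and the function name is hypothetical.

```powershell
# Added example, not part of the original procedure: verify the certificate that
# certreq -accept installed before it is exported. Assumes $cert_url and $cert_san
# still hold the values set in step 4; the function name is hypothetical.
function Test-RequestedCertificate {
    param(
        [Parameter(Mandatory)][string]$Subject,   # the value of $cert_url
        [string[]]$ExpectedSan = @(),             # the values of $cert_san
        [int]$MinimumKeyLength = 2048             # KeyLength from the INF
    )
    # Anchor on the CN so a certificate that only lists the name as a SAN is skipped.
    $cert = Get-ChildItem -Path 'cert:\LocalMachine\My' |
        Where-Object { $_.Subject -like "CN=$Subject*" } |
        Sort-Object NotBefore -Descending |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate with CN=$Subject in cert:\LocalMachine\My" }

    # 2.5.29.17 is the Subject Alternative Name extension the INF requested.
    $actualSan = @()
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        # Format($false) renders the entries as "DNS Name=host1, DNS Name=host2".
        $actualSan = @($sanExt.Format($false) -split ',\s*' |
            ForEach-Object { ($_ -split '=', 2)[1].Trim() })
    }
    $expected = @($Subject) + $ExpectedSan
    $missing  = @($expected | Where-Object { $actualSan -notcontains $_ })
    $extra    = @($actualSan | Where-Object { $expected -notcontains $_ })

    # GetRSAPublicKey returns $null for non-RSA keys, which also fails the check.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $keyLength = if ($rsa) { $rsa.KeySize } else { 0 }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey   # must be $true or Export-PfxCertificate fails later
        KeyLength     = $keyLength
        MissingSan    = $missing
        UnexpectedSan = $extra
        Ok            = ($cert.HasPrivateKey -and $keyLength -ge $MinimumKeyLength -and
                         $missing.Count -eq 0 -and $extra.Count -eq 0)
    }
}

# Run right after step 7; do not continue to the export section unless Ok is $true.
$check = Test-RequestedCertificate -Subject $cert_url -ExpectedSan $cert_san
$check | Format-List
if (-not $check.Ok) { Write-Warning "Installed certificate does not match the request." }
```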

Export the Austin certificate via PowerShell

  1. Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template

  2. Open an administrative PowerShell prompt

  3. In the same administrative PowerShell prompt, run the following command to set the filename and subject of the certificate:  

    $cert_file = "<certificate request filename without extension>"
    $cert_url = "<FQDN for the certificate>"
  4. In the same administrative PowerShell prompt, run the following command to set the password for the exported PFX file:

    $cert_pw = Read-Host -Prompt "Enter password" -AsSecureString
  5. In the same administrative PowerShell prompt, run the following to identify the certificate then export the PFX and CRT files: 

    $cert_file_pfx = ((Get-Location).Path + "\" + $cert_url  + ".pfx")
    $cert_file_crt = ((Get-Location).Path + "\" + $cert_url  + ".crt")
    $cert_obj = Get-ChildItem -Path "cert:\LocalMachine\My" | Where-Object {$_.Subject -match $cert_url} | Sort-Object NotBefore -Descending | Select-Object -First 1
    # Compare the issuer DN exactly; -match would treat it as a regular expression.
    # This assumes the certificate was issued directly by a CA in the Root store.
    $cert_rca = Get-ChildItem -Path "cert:\LocalMachine\Root" | Where-Object {$_.Subject -eq $cert_obj.Issuer} | Sort-Object NotBefore -Descending | Select-Object -First 1
    $cert_obj | Export-PfxCertificate -FilePath $cert_file_pfx -Password $cert_pw
    $cert_rca | Export-Certificate -FilePath $cert_file_crt