Here I am using the CERTREQ command to create a request file that will allow me to obtain a certificate with a DNS entry in the Subject Alternative Name field from the Active Directory Certificate Services CertSrv web page.
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=hostname.domain.com" ; Remove to use an empty Subject name.
Exportable = FALSE ; TRUE = Private key is exportable
KeyLength = 2048 ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; Key Exchange - Required for encryption
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10 ; or CMC.
[Extensions]
2.5.29.17 = "{text}"
continue = "dns=url.domain.com&"
[RequestAttributes]
CertificateTemplate = MyWebServerCert ; Modify for your environment by using the LDAP common name of the template.
;NOTE: There are four parameters in this file that you need to modify to address your specific needs.
;Subject - This should be expressed as the FQDN of server or URL. EX: "CN=hostname.domain.com"
;Exportable - TRUE or FALSE depending on the requirement.
;_continue_ - This should be expressed as the FQDN of server or URL. EX: continue = "dns=url.domain.com&"
;Additional SANs can be included as needed in this same manner.
;CertificateTemplate = MyWebServerCert, this must match the name of the certificate you select in the pull-down from certsrv
References:
docs.microsoft...)
The Sway:
sway.office.co...
Cross Forest PKI Series and more!
1) Creating Base Images in Hyper V - Its the Remix!!!
• Creating Base Images i...
2) Creating Base Windows Images in HyperV
• Creating Base Windows ...
3) Running SYSPREP with an Unattend File
• Running SYSPREP with a...
4) Deploying the Lab
• Deploying the Lab
5) Configuring Active Directory For the Lab
• Configuring Active Dir...
6) Completing the PKI Environment Setup
• Completing the PKI Env...
7) Starting the Cross Forest PKI Setup
• Starting the Cross For...
8) Completing the Cross Forest PKI Deployment
• Completing the Cross F...
9) Cross Forest PKI Auto Enroll The Sequel - Production Hits a Snag
• Cross Forest PKI Auto ...
10) Two Tier PKI Lab with CDP and OCSP
• Two Tier PKI Lab with ...
11) Using the CERTREQ command to include a SAN
• Using the CERTREQ comm...
12) Revoke Certificates Using PowerShell with the PSPKI Module
• Revoke Certificates Us...
5 сен 2024
