Request Internal Certificate from CA Server


In the last post, Set Up Automatic Certificate Enrollment, we walked through the steps for completing automated certificate enrollment.

In this post I will walk through how to request an internal SSL certificate from an IIS web server in the domain against our internally deployed CA.

Create Web Server Certificate Template for SSL Certs

Connect to the Enterprise CA and open the Certification Authority console.

Expand the certification authority so that you can see Certificate Templates. Right-click Certificate Templates and then click Manage.


In the details pane of the Certificate Templates console, right-click the Web Server template and then click Duplicate Template.


If you are prompted to select a template version, select Windows Server 2008 R2 and then click OK.


In the General tab, under Template display name, type a name that you want to use for the template. For example, Lab Certs. Change the validity period as per your config.


On the Subject Name tab, select Build from this Active Directory information. Set the Subject name format to Common name. Under Include this information in alternate subject name, select the DNS name checkbox and clear the User principal name (UPN) checkbox.


On the Cryptography tab, ensure that the template is set to use a Minimum key size of 1024 bits or higher; 2048 bits or higher is preferred. Click OK.

Close the Certificate Templates console and return to the Certificate Authority console.

In the console tree of the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.


In the Enable Certificate Templates dialog box click the new certificate template that you created and then click OK.


Complete an Internal Certificate Request

Launch IIS Manager, select Server Certificates, and click Open Feature.


On the right, click on Create Certificate Request.


Enter the fields in the request template.


Leave the cryptographic service provider at its default, change the key Bit Length to 4096, and click Next.


Save the file to any location you like on the server and click Finish.

Log on to your CA server using your browser (http://<CAserver>/certsrv).

1: Select Request a Certificate > Advanced Certificate Request.


2: In the Certificate Template select Web Server.

3: Copy/paste the contents from your certificate request file (excluding the first and last line “— beginning of new request file —” and “— end of new request file —”).

4: Save your certificate output as a Base 64 encoded CER file.


5: From within IIS, select Complete Certificate Request.
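
The request, submission and install steps above can also be scripted with certreq.exe instead of IIS Manager and the certsrv page. This is an added example, not code from the original post: the host name `web01.lab.local`, the CA config string `CA01.lab.local\Lab-CA` and the working folder are assumed placeholders, and `WebServer` is the internal name of the built-in Web Server template selected in step 2.

```powershell
# Added example: certreq.exe equivalent of the IIS Manager / certsrv steps above.
# Assumed placeholders: $Fqdn, $CaConfig and $WorkDir are constructed values.
$Fqdn     = 'web01.lab.local'
$CaConfig = 'CA01.lab.local\Lab-CA'   # format: <CA host>\<CA common name>
$Template = 'WebServer'               # internal name of the built-in Web Server template
$WorkDir  = 'C:\Temp\certreq'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$inf = Join-Path $WorkDir 'request.inf'
$req = Join-Path $WorkDir 'request.req'
$cer = Join-Path $WorkDir 'web.cer'

# 4096-bit RSA key in the machine store with the default SChannel provider.
# Exportable = FALSE keeps the private key on this server (a choice made for this example).
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
KeyLength = 4096
KeySpec = 1
KeyUsage = 0xa0
MachineKeySet = TRUE
Exportable = FALSE
HashAlgorithm = SHA256
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$Fqdn&"
"@ | Set-Content -Path $inf -Encoding ASCII

# Generate the key pair and the PKCS#10 request file.
certreq.exe -new $inf $req
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# Check the request before it leaves the server: key length and DNS name in the SAN.
certutil.exe -dump $req | Select-String 'Public Key Length', 'DNS Name'

# Submit to the CA with the template attribute, then bind the issued cert to the pending key.
certreq.exe -submit -config $CaConfig -attrib "CertificateTemplate:$Template" $req $cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed' }
certreq.exe -accept -machine $cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }
# Confirm the certificate is in the machine store with its private key.
Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -eq "CN=$Fqdn" |
    Select-Object Subject, NotAfter, HasPrivateKey, Thumbprint
```

Run it from an elevated prompt on the IIS server, since the key pair is created in the machine store.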


I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable :)

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.