Certreq: Difference between revisions

From WikiWiki
Jump to navigation Jump to search
No edit summary   (change visibility)
No edit summary   (change visibility)
Line 69: Line 69:
| certreq –accept ssl.cer || Accept the response|| http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
| certreq –accept ssl.cer || Accept the response|| http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
|-
|-
| certreq -attrib "CertificateTemplate:WebServer\nSAN:DNS=vc1&DNS=vc2&DNS=vc1.domain.com&DNS=vc2.domain.com&IPAddress=192.168.1.1&IPAddress=192.168.1.2" HP_VC.csr HP_VC.cer || submit request with SAN and template set ||
| <syntaxhighlight lang="text">certreq -attrib "CertificateTemplate:WebServer\nSAN:DNS=vc1&DNS=vc2&DNS=vc1.domain.com&DNS=vc2.domain.com&IPAddress=192.168.1.1&IPAddress=192.168.1.2" HP_VC.csr HP_VC.cer </syntaxhighlight>|| submit request with SAN and template set || if EDITF_ATTRIBUTESUBJECTALTNAME2  is enabled
 
|-
| <syntaxhighlight lang="text">certreq -attrib "CertificateTemplate:WebServer\nDNS:vc1\nemail:mailadres@domain.com" HP_VC.csr HP_VC.cer </syntaxhighlight>|| submit request with SAN and template set || if CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT  is enabled
|}
|}

Revision as of 11:31, 21 March 2016

[Version] 
Signature="$Windows NT$"
[NewRequest] 
Subject = "CN=SERVER.CONTOSO.COM"   ; For a wildcard use "CN=*.CONTOSO.COM" for example 
; For an empty subject use the following line instead or remove the Subject line entierely 
; Subject = 
Exportable = FALSE                  ; Private key is not exportable 
KeyLength = 2048                    ; Common key sizes: 512, 1024, 2048, 4096, 8192, 16384 
KeySpec = 1                         ; AT_KEYEXCHANGE 
KeyUsage = 0xA0                     ; Digital Signature, Key Encipherment 
MachineKeySet = True                ; The key belongs to the local computer account 
ProviderName = "Microsoft RSA SChannel Cryptographic Provider" 
ProviderType = 12 
SMIME = FALSE 
RequestType = CMC
; At least certreq.exe shipping with Windows Vista/Server 2008 is required to interpret the [Strings] and [Extensions] sections below
[Strings] 
szOID_SUBJECT_ALT_NAME2 = "2.5.29.17" 
szOID_ENHANCED_KEY_USAGE = "2.5.29.37" 
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1" 
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
[Extensions] 
%szOID_SUBJECT_ALT_NAME2% = "{text}dns=computer1.contoso.com&dns=computer2.contoso.com" 
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"
[RequestAttributes] 
CertificateTemplate= WebServer
Create inf file http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
 '[NewRequest]',
'Subject="CN=item,C=BE,S=BRU,L=LEU,O=variable,OU=variable,E=mail@mail.be"', #
'KeySpec=1',
'KeyUsage=0xf0',
'MachineKeySet=TRUE',
'Exportable=TRUE',
'',
'[RequestAttributes]',
'CertificateTemplate="templatename"'
'SAN="UPN=someupn"'        
Other inf
[NewRequest] 
Subject = "CN=FQDN" 
Exportable = TRUE 
KeyLength = 2048 
KeySpec = 1 
KeyUsage = 0xf0 
MachineKeySet = TRUE 
[RequestAttributes]
CertificateTemplate=”templatename”
[Extensions] 
OID = 1.3.6.1.5.5.7.3.1 
OID = 1.3.6.1.5.5.7.3.2
Other inf https://technet.microsoft.com/en-us/library/dn296456.aspx
certreq –new ssl.inf ssl.req Create request http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
certreq –submit ssl.req Submit request http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
certreq -q -submit -config "$PKIServer\$CAName" "$FileName.req" "$FileName.cer" Submit request with config
certreq –accept ssl.cer Accept the response http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
certreq -attrib "CertificateTemplate:WebServer\nSAN:DNS=vc1&DNS=vc2&DNS=vc1.domain.com&DNS=vc2.domain.com&IPAddress=192.168.1.1&IPAddress=192.168.1.2" HP_VC.csr HP_VC.cer
submit request with SAN and template set if EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled
certreq -attrib "CertificateTemplate:WebServer\nDNS:vc1\nemail:mailadres@domain.com" HP_VC.csr HP_VC.cer
submit request with SAN and template set if CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT is enabled