Certreq
; Request definition for "certreq -new": an RSA key in the machine store and a CMC request for the WebServer template
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=SERVER.CONTOSO.COM" ; For a wildcard use "CN=*.CONTOSO.COM" for example
; For an empty subject use the following line instead or remove the Subject line entirely
; Subject =
Exportable = FALSE ; Private key is not exportable
; Of the sizes listed below, 512 and 1024 are too short for new RSA keys; use 2048 or larger
KeyLength = 2048 ; Common key sizes: 512, 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; AT_KEYEXCHANGE
KeyUsage = 0xA0 ; Digital Signature (0x80), Key Encipherment (0x20)
MachineKeySet = True ; The key belongs to the local computer account
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12 ; PROV_RSA_SCHANNEL
SMIME = FALSE
RequestType = CMC
; At least certreq.exe shipping with Windows Vista/Server 2008 is required to interpret the [Strings] and [Extensions] sections below
; Names defined in [Strings] are substituted wherever they appear between % signs in [Extensions]
[Strings]
szOID_SUBJECT_ALT_NAME2 = "2.5.29.17"
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
; The SAN and EKU are written into the request itself as extensions, not passed as attributes at submit time
[Extensions]
%szOID_SUBJECT_ALT_NAME2% = "{text}dns=computer1.contoso.com&dns=computer2.contoso.com"
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"
; The certificate template is named as a request attribute
[RequestAttributes]
CertificateTemplate= WebServer |
Create inf file | http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx |
# Lines of a certreq request INF held as string elements; the enclosing array expression is not shown on this page
'[NewRequest]',
'Subject="CN=item,C=BE,S=BRU,L=LEU,O=variable,OU=variable,E=mail@mail.be"', #
'KeySpec=1',
# 0xf0 = Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment
'KeyUsage=0xf0',
'MachineKeySet=TRUE',
# Exportable=TRUE lets the private key be exported from the machine store later; set FALSE unless the key must be moved
'Exportable=TRUE',
'',
'[RequestAttributes]',
# NOTE(review): the next two elements have no separating comma; confirm the enclosing expression tolerates that
'CertificateTemplate="templatename"'
# SAN is passed here as a request attribute, which the CA honors only if EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled
'SAN="UPN=someupn"'
Other inf
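; Minimal request definition for "certreq -new"; FQDN and templatename are placeholders to replace
[NewRequest]
Subject = "CN=FQDN"
; TRUE lets the private key be exported from the machine store later; set FALSE unless the key must be moved
Exportable = TRUE
KeyLength = 2048
KeySpec = 1 ; AT_KEYEXCHANGE
KeyUsage = 0xf0 ; Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment
MachineKeySet = TRUE
[RequestAttributes]
; Use straight ASCII quotes around the value; typographic quotes copied from a web page are not INF quoting characters
CertificateTemplate="templatename"
[Extensions]
; 1.3.6.1.5.5.7.3.1 is server authentication and 1.3.6.1.5.5.7.3.2 is client authentication
; NOTE(review): certreq documents EKU OIDs under [EnhancedKeyUsageExtension]; confirm that OID= lines are honored under [Extensions]
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2 |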
Other inf | https://technet.microsoft.com/en-us/library/dn296456.aspx |
certreq -new ssl.inf ssl.req | Create request | http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx |
certreq -submit ssl.req | Submit request | http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx |
certreq -q -submit -config "$PKIServer\$CAName" "$FileName.req" "$FileName.cer" | Submit request with config | |
certreq -accept ssl.cer | Accept the response | http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx |
certreq -attrib "CertificateTemplate:WebServer\nSAN:DNS=vc1&DNS=vc2&DNS=vc1.domain.com&DNS=vc2.domain.com&IPAddress=192.168.1.1&IPAddress=192.168.1.2" HP_VC.csr HP_VC.cer |
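Submit request with SAN and template set | Works only if EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled on the CA. With that flag set, the CA accepts a SAN that the requester supplies as a request attribute, so the issued name is whatever the requester asked for; keep the flag off where possible and carry the SAN in the request's [Extensions] section instead, as the first INF on this page does. |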
certreq -attrib "CertificateTemplate:WebServer\nDNS:vc1\nemail:mailadres@domain.com" HP_VC.csr HP_VC.cer |
submit request with SAN and template set | if CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT is enabled |