Tuesday, December 5, 2017

Generating an SSL cert on your internal CA

Here's the steps to generate an SSL cert on your internal CA using a CSR that a thrid party gave you.

  1. Open up Certificate Templates
    1. Find the template with the intended purposes you need, and duplicate the template
    2. Choose Server 2003
      1. Server 2008 certs cannot be re-enrolled through the IIS website on the CA server (https://<server name>/certsrv/)
    3. General Tab
      1. Choose the validity period
    4. Request Handling Tab
      1. Signature and Encryption
      2. Allow private key to be exported
    5. subject name
      1. Supply in request
    6. Security
      1. Authenticated users -> Read, Enroll
    7. Click OK button
  2. Open Certification Autority (Local) in the MMC
    1. Go to Certificate Templates
    2. Right click > New > Certificate Template to issue
    3. Choose your new template off the list
    4. Click OK
  3. Go to your IIS website (https://<server name>/certsrv/)
    1. Request a Certificate
    2. Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file
    3. Paste in the CSR that you received
    4. Choose your Certificate Template
    5. Click Submit
    6. Download the certificate
at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.