Thursday, January 16, 2014

Certificates on Windows, AD CA etc

This relates mainly to older servers since CAs now require 2048 bit keys and I kept running into a default of 1024 I couldn't change.

This is ripped from another blog (thanks rrustean.blogspot.com)

snip

cretate a file called c:\cert.inf with the following content:

[NewRequest]
Subject = "CN=www.mydoain.net, O=MyCompany, OU=IT, L=London, S=SE1, C=GB"
KeyLength = 2048


Now run the following:

certreq -new cert.inf outfile.req

Now just cut and paste the contents of outfile.req into the geotrust QuickSSL Premium Enrollment page and away you go.

snip

But that only goes half way.

To complete things for me loading a certificate into IIS I had to change the cert.inf file..

[NewRequest]
Subject = "CN=www.mydoain.net, O=MyCompany, OU=IT, L=London, S=SE1, C=GB"
KeyLength = 2048

Exportable = TRUE

The certificate is created under the current user and you need to export it and import to the machine account to access it in IIS.

Import the cert from the provider into your current user. Now you should be able to export it with it's private key and import it into the local machine account where IIS etc can see it.

No comments: