wagnerjer

User Tools

Site Tools

Trace: create_a_valid_certificate_for_website_using_windows_ca
wiki:create_a_valid_certificate_for_website_using_windows_ca

Install openssl on a computer and make sure it's included in system variable's path

Create INI file (yourfile.ini) with following details : 

[ req ]
default_bits=2048
prompt=no
default_md=sha256
distinguished_name=dn
req_extensions=req_ext

[ dn ]
C=LU
ST=Luxembourg
L=Luxembourg
O=YourCompany
CN=yourserver.yourcompany.local

[ req_ext ]
subjectAltName=@alt_names

[ alt_names ]
DNS.1=yourserver.yourcompany.com
DNS.2=www.yourserver.com


Open a cmd prompt and type the following command: 

openssl req -new -nodes -newkey rsa:2048 -keyout key.key -config yourfile.cnf -out certreq.csr

This will create 2 files :
key.key
certreq.csr

Open the webpage of your CA : https://yourserver.yourcompany.local/certsrv
Chose Request a certificate
Click on advanced certificate request
Copy the content of the csr file created before in the Saved request box
Select the WebServer template and click Submit
You will then be able to download the Certificate as CER file and the Certificate chain as P7B

If you need to change the CER file to PFX you can do the following: First transform the CER to PEM 

openssl x509 -inform DER -in certificate.cer -out certificate.pem

Include then PEM with key to make PFX 

openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.pem
wiki/create_a_valid_certificate_for_website_using_windows_ca.txt · Last modified: by wagner.jer
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki