You can use the CertReq command line tool to request SAN SSL certificates. This can be useful where you have an internal (web)server which also needs to be available using another (alternate) DNS name.
First create a template file you can use, specifying the required parameters. Save it with a name, e.g. request.inf and save it to a temporary (work) folder (or simply your desktop):
;----------------- request.inf ----------------- [Version] Signature="$Windows NT$" [NewRequest] Subject = "CN=SERVER1.domain.com, OU=Some OU, O=Organization, L=City, S=State, C=US" ;Subject = "CN=SERVER1.domain.com" KeySpec = 1 KeyLength = 2048 ; Can be 2048, 4096, 8192, or 16384. ; Larger key sizes are more secure, but have ; a greater impact on performance. Exportable = TRUE MachineKeySet = TRUE SMIME = False PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft Strong Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication [RequestAttributes] CertificateTemplate=WebServer [Extensions] 2.5.29.17 = "{text}" _continue_ = "dns=server1.domain.com&" _continue_ = "dns=server.domain.com"
Adjust the following parameters in the file:
Next, open a command prompt, and navigate to the folder where you saved the INF-file. Run a series of commands to create, submit and accept the certificate request:
certreq -new request.inf server1.req
certreq -submit server1.req
certreq -accept server1.cer
You can now use the certificate in your applications on that server. Optionally, you can export the certificate to PFX and use it elsewhere.
« ‹ | December 2024 | › » | ||||
Sun | Mon | Tue | Wed | Thu | Fri | Sat |
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |