Tuesday, January 19, 2010

IIS 7.0 - Create an SSL Certificate for Multiple Names

Create a certificate request configuration file (request.inf):

[NewRequest]
Subject = "CN=FQDN, OU=Organizational Unit, O=Company, L=City, S=State, C=Country"
KeySpec = 1
KeyLength = 2048
HashAlgorithm = SHA256
Exportable = FALSE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
RequestType = PKCS10
KeyUsage = 0xa0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
FriendlyName = ""

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication

[RequestAttributes]
CertificateTemplate = WebServer

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "DNS=example.com&"
_continue_ = "DNS=www.example.com&"
_continue_ = "DNS=secure.example.com"

The process

Once you have saved the above information, follow these steps:

1. Open a command prompt and cd to the directory where you saved request.inf.
2. Run
certreq -new request.inf request.req
3. Submit the request:
a. Submit the request.req file to your CA. They will process it and approve or decline it.
b. To submit the request file to your internal CA:
certreq -submit request.req
4. When they approve it, they should send you back your signed certificate (public key) in a .cer file.
5. Run
certreq -accept file-from-ca.cer (or request.req)
to finish setting up the key.
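
A pre-flight check for request.inf before step 2, catching a dropped "&" between _continue_ lines and weak key settings. This is an added example, not part of the original post; the function names and the sample file are constructed for illustration.

```python
import re
# Constructed sample: the request.inf above, trimmed to the keys that are checked.
SAMPLE_INF = """\
[NewRequest]
KeyLength = 2048
HashAlgorithm = SHA256
Exportable = FALSE
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "DNS=example.com&"
_continue_ = "DNS=www.example.com&"
_continue_ = "DNS=secure.example.com"
"""

def parse_inf(text):
    """Return {section: [(key, value)]}; a list keeps the repeated _continue_ keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplification: ';' always starts a comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip().strip('"')))
    return sections

def san_names(sections):
    """Concatenate the _continue_ fragments into one string and split it on '&'."""
    joined = "".join(v for k, v in sections.get("extensions", []) if k == "_continue_")
    return [part for part in joined.split("&") if part]

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_inf(text)
    req = dict(sections.get("newrequest", []))
    findings = []
    if int(req.get("keylength", "0")) < 2048:
        findings.append("KeyLength below 2048")
    if req.get("hashalgorithm", "").lower() in ("", "md5", "sha1"):
        findings.append("HashAlgorithm missing or weak")
    if req.get("exportable", "").upper() == "TRUE":
        findings.append("private key is exportable")
    names = san_names(sections)
    if not names:
        findings.append("no SAN entries")
    # A missing '&' fuses two names into one entry, which fails this pattern.
    findings += [f"malformed SAN entry: {e}" for e in names
                 if not re.fullmatch(r"DNS=[A-Za-z0-9*.-]+", e, re.I)]
    return findings
```

Call lint() on the contents of request.inf and fix anything it reports before running certreq -new.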

Sources:
http://serverfault.com/questions/67697/iis-7-0-ssl-certificate-renew-or-new
http://blogs.technet.com/pki/archive/2009/08/05/How-to-create-a-web-server-SSL-certificate-manually.aspx
