Subject = "CN=FQDN, OU=Organizational Unit, O=Company, L=City, S=State, C=Country"
KeySpec = 1
KeyLength = 2048
HashAlgorithm = SHA256
Exportable = FALSE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
RequestType = PKCS10
KeyUsage = 0xa0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
FriendlyName = ""
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
[RequestAttributes]
CertificateTemplate = WebServer
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "DNS=example.com&"
_continue_ = "DNS=www.example.com&"
_continue_ = "DNS=secure.example.com"
The process
Once you have the above information saved. Follow these steps:1. Open a command prompt and cd to the directory where you saved request.inf.
2. Run certreq -new request.inf request.req
3. Submiting
a. Submit the request.req file to your CA. They will process it and approve/decline it.
b. To submit the request file to your internal CA: certreq –submit request.req
4. When they approve it they should send you back your public key in a .cer file.
5. Run certreq -accept file-from-ca.cer (or request.req) to finish setting up the key.
Sources:
http://serverfault.com/questions/67697/iis-7-0-ssl-certificate-renew-or-new
http://blogs.technet.com/pki/archive/2009/08/05/How-to-create-a-web-server-SSL-certificate-manually.aspx
Nenhum comentário:
Postar um comentário