Creating CSR for non-Microsoft Systems and signing with a Microsoft CA

Problem:

Recently I needed to create a number of certificates for non-Microsoft systems such as ESXi hosts, NAS/SAN units and some security applications. The problem was that most of these systems did not have a facility for generating a CSR. I needed to create the CSR in OpenSSL, sign the certificate with a Microsoft CA and then generate a certificate.

Solution:

1. Download OpenSSL from here.

2. Use the below as your template for the certificate, changing the system-specific values (the subjectAltName entries and the distinguished name fields) to match your systems:

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
# The private key is written to disk unencrypted
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
# List every DNS name and IP address that clients use to reach the system
subjectAltName = DNS:NAS1, IP:10.20.30.253, DNS:NAS1.mydomain.com

[ req_distinguished_name ]
countryName = UK
stateOrProvinceName = London
localityName = London
0.organizationName = MyCompany
organizationalUnitName = MyCompany
commonName = NAS1.mydomain.com


3. Paste the above into the C:\OpenSSL-Win32\bin\openssl.cfg file (after removing the existing contents).




4. Open a command prompt in the OpenSSL directory and run the following command to create the certificate request:

openssl req -new -nodes -out rui.csr -keyout rui-orig.key -config openssl.cfg

 

5. Convert the private key to RSA format with this command:

openssl rsa -in rui-orig.key -out rui.key

 

6. Go to the Microsoft CA and open a command prompt. Put the rui.csr file in a folder you can access on the CA server.




7. Run the following command:

certreq -submit -attrib "CertificateTemplate:WebServer" rui.csr

 

8. Select the CA.


9. Save the certificate as rui.cert


10. Log in to the device or application where you need to import the certificate.




11. Open the rui.cert file in Notepad and copy the contents to the certificate section.


12. Open the rui.key file in Notepad and copy the contents to the private key section.

13. Open the root CA certificate in Notepad and copy the contents to the intermediate certificate section.

14. Click apply and the certificates will be uploaded and you will have a secure connection.
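
Before copying the files into the device in steps 11 and 12, it helps to confirm that rui.key, rui.csr and the certificate returned by the CA all carry the same public key and that the issued certificate kept the subjectAltName entries. The script below is an added example, not part of the original post; it assumes a POSIX shell with openssl on the PATH (for example Git Bash or WSL on Windows), its function names are illustrative, and make_sample builds constructed test files in which a self-signed certificate stands in for the Microsoft CA's reply.

```shell
#!/bin/sh
# Added example: checks on rui.key, rui.csr and rui.cert before upload.
# Function names are illustrative; assumes openssl is on PATH.

pub_hash() {  # $1 = key|csr|cert, $2 = file; prints SHA-256 of its public key
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # an unreadable file must not hash as "empty"
    printf '%s\n' "$pem" | openssl dgst -sha256
}

san_list() {  # $1 = csr|cert, $2 = file; prints one SAN entry per line
    case "$1" in
        csr)  text=$(openssl req  -in "$2" -noout -text 2>/dev/null) ;;
        cert) text=$(openssl x509 -in "$2" -noout -text 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    printf '%s\n' "$text" | sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

has_san() { san_list "$1" "$2" | grep -qxF "$3"; }  # exact match, e.g. DNS:NAS1

check_bundle() {  # $1 = key, $2 = CSR, $3 = issued cert, $4 = host name
    k=$(pub_hash key "$1")  || { echo "cannot read key $1"; return 1; }
    r=$(pub_hash csr "$2")  || { echo "cannot read CSR $2"; return 1; }
    c=$(pub_hash cert "$3") || { echo "cannot read certificate $3"; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not made from this key"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key"; return 1; }
    has_san cert "$3" "DNS:$4" || { echo "certificate lacks SAN DNS:$4"; return 1; }
    echo "OK: key, CSR and certificate match; SAN DNS:$4 present"
}

make_sample() {  # $1 = dir; constructed data, self-signed cert stands in for the CA
    printf '%s\n' '[ req ]' 'distinguished_name = dn' 'prompt = no' \
        'req_extensions = v3_req' '[ v3_req ]' \
        'subjectAltName = DNS:NAS1, IP:10.20.30.253, DNS:NAS1.mydomain.com' \
        '[ dn ]' 'commonName = NAS1.mydomain.com' > "$1/openssl.cfg"
    openssl req -new -nodes -newkey rsa:2048 -config "$1/openssl.cfg" \
        -keyout "$1/rui.key" -out "$1/rui.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/rui.csr" -signkey "$1/rui.key" -days 1 \
        -extfile "$1/openssl.cfg" -extensions v3_req -out "$1/rui.cert" 2>/dev/null
}

# Usage: check_bundle rui.key rui.csr rui.cert NAS1.mydomain.com
```

In the text output that san_list parses, OpenSSL prints IP entries as "IP Address:10.20.30.253", so that is the form to pass to has_san for an address.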
