Problem:
How do I create a certificate request for any system and get a signed certificate from a Windows CA?
Solution:
1. Create a template by copying the text below and filling out all the parts in red, then save the file as openssl.cfg
[ req ]
default_bits = 2048
default_keyfile = MyKey.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:myserver.domain.com, DNS:myserver2.domain.com
[ req_distinguished_name ]
# countryName takes the two-letter ISO 3166 code (GB for the United Kingdom)
countryName = GB
stateOrProvinceName = London
localityName = London
0.organizationName = MyOrg
organizationalUnitName = MyOrg
commonName = myservers.domain.com
2. Download OpenSSL for Windows; there are a number of places you can get this if you Google it
3. Create the .csr with a new key in OpenSSL by running the below:
openssl req -new -newkey rsa:2048 -nodes -keyout MyKey.key -out MyRequest.csr -config openssl.cfg
4. Log in to your CA and open a cmd prompt, then run the below:
certreq -submit -attrib "CertificateTemplate:WebServer" C:\temp\MyRequest.csr
Save the certificate as mycertificate.crt
5. Now create your .pfx file; OpenSSL will prompt you to set an export password:
openssl pkcs12 -export -out mypfxfile.pfx -inkey "C:\OpenSSL\bin\MyKey.key" -in "C:\OpenSSL\bin\mycertificate.crt"
6. You can now import the .pfx file into your application using the export password entered earlier
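
Added example (not part of the original post): a PowerShell check to run from the folder holding the files from steps 3 and 4, assuming openssl is on the PATH and the certificate was saved in Base64 (PEM) form. It confirms that the request and the issued certificate carry the SAN names from openssl.cfg and the public key of MyKey.key, and restricts the unencrypted key file to the current user. The function names are hypothetical helpers.

```powershell
# Added example: checks around steps 3-5. File names and SAN values are the ones
# used on this page; the function names are hypothetical helpers.
$ExpectedSans = 'myserver.domain.com', 'myserver2.domain.com'

function Invoke-OpenSsl {
    param([string[]]$OpenSslArgs)
    # Run openssl and return its stdout as one string; stop on a non-zero exit code.
    $out = & openssl @OpenSslArgs
    if ($LASTEXITCODE -ne 0) { throw "openssl $($OpenSslArgs -join ' ') failed" }
    ($out -join "`n").Trim()
}

function Get-DnsSans {
    param([string]$Kind, [string]$Path)   # $Kind: 'req' for a CSR, 'x509' for a certificate
    $text = Invoke-OpenSsl $Kind, '-in', $Path, '-noout', '-text'
    [regex]::Matches($text, 'DNS:([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }
}

function Assert-Sans {
    param([string]$Kind, [string]$Path)
    $found = @(Get-DnsSans $Kind $Path)
    $missing = @($ExpectedSans | Where-Object { $found -notcontains $_ })
    if ($missing.Count) { throw "$Path lacks SAN entries: $($missing -join ', ')" }
}

function Assert-SameKey {
    param([string]$KeyPath, [string]$Kind, [string]$Path)
    # Compare the PEM public key derived from the private key with the one in the file.
    $fromKey  = Invoke-OpenSsl 'pkey', '-in', $KeyPath, '-pubout'
    $fromFile = Invoke-OpenSsl $Kind, '-in', $Path, '-noout', '-pubkey'
    if ($fromKey -ne $fromFile) { throw "$Path does not carry the public key of $KeyPath" }
}

# After step 3: the request must carry the SAN list and the newly generated key.
Assert-Sans    'req' 'MyRequest.csr'
Assert-SameKey 'MyKey.key' 'req' 'MyRequest.csr'

# -nodes / encrypt_key = no leaves MyKey.key unencrypted: limit it to the current user.
icacls MyKey.key /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:F" | Out-Null

# After step 4: a CA can alter or drop requested extensions, so re-check the issued
# certificate before building the .pfx in step 5.
if (Test-Path 'mycertificate.crt') {
    Assert-Sans    'x509' 'mycertificate.crt'
    Assert-SameKey 'MyKey.key' 'x509' 'mycertificate.crt'
    'Request and certificate match MyKey.key and carry the expected SAN names'
}
```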