Request SSL Certificate from Microsoft CA with Certreq


Steps to request SSL Certificate from Microsoft CA With certreq

  1. Prepare an INF file
[NewRequest]
Subject = ""
Exportable = TRUE ; TRUE = private key is exportable
KeyLength = 2048
KeySpec = 1 ; Key Exchange - required for encryption
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = TRUE ; key pair is created in the LocalMachine store
CertificateTemplate = "WebServer" ; certificate template
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication
OID = 1.3.6.1.5.5.7.3.2 ; Client Authentication
[Extensions]
2.5.29.17 = "{text}" ; SAN - Subject Alternative Name
_continue_ = ""
_continue_ = ""
_continue_ = ""
  2. Create the certificate request
C:\Temp>certreq -new C:\temp\RequestConfig.inf c:\temp\CertRequest.req
Active Directory Enrollment Policy

CertReq: Request Created
  3. Submit the request to the internal Microsoft CA
C:\Temp>certreq -submit certRequest.req certnew.cer certnew.pfx
Active Directory Enrollment Policy
RequestId: 3
RequestId: "3"
Certificate retrieved(Issued) Issued

  4. Trying to import the PFX file with PowerShell fails
PS C:\> Import-PfxCertificate -FilePath C:\Temp\certnew.pfx -CertStoreLocation "cert:\LocalMachine\My" -Verbose
VERBOSE: Performing the operation "Import PFX certificate" on target "Item: C:\Temp\certnew.pfx Destination: My".
Import-PfxCertificate : The specified file is not a valid PFX file.
  5. The PFX file and its key have to be imported with certlm.msc instead

  6. Check the thumbprint of the imported SSL certificate
PS C:\Users\administrator.LAB> Get-ChildItem -Path cert:\LocalMachine\my 

    PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my

Thumbprint                                Subject
----------                                -------
8E6AB2EBA682A78589EB5A3B6FF153D5FFEFAA45  CN=ADRoot, DC=lab, DC=aventislab, DC=info
  7. Export the PFX so it can be imported on other machines
$PfxPass = ConvertTo-SecureString -String "P@ssw0rd!@#$" -Force -AsPlainText

Get-ChildItem -Path cert:\localMachine\my\658D80026D82EECE93AE90E90A62229A4D33D4FA | Export-PfxCertificate -FilePath C:\temp\lab.pfx -Password $PfxPass
  8. Import the PFX file on the other machine with Import-PfxCertificate
Import-PfxCertificate -FilePath C:\Temp\lab.pfx -Password $PfxPass -CertStoreLocation cert:\LocalMachine\my
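The whole procedure above as one script, written as an added example that is not part of the original post. It generates the INF from a host name and a SAN list, runs certreq -new and -submit as in steps 2 and 3, and then uses certreq -accept to bind the issued certificate to the private key that -new left in the LocalMachine store. That replaces the certlm.msc import of step 5: the third argument of certreq -submit is the certificate-chain output file (a PKCS #7 blob), not a PFX, which is why Import-PfxCertificate rejects it in step 4. Before exporting, it checks that the certificate actually has its private key and the Server Authentication EKU, and it prompts for the PFX password instead of keeping it in the script. The host name web01.lab.aventislab.info, the SAN entries and the C:\Temp paths are assumptions; the WebServer template comes from the post.

```powershell
# Added example; run in an elevated PowerShell on a domain-joined machine.
$CommonName  = 'web01.lab.aventislab.info'              # placeholder host name (assumption)
$SanDnsNames = @('web01.lab.aventislab.info', 'web01')  # hypothetical SAN list (assumption)
$Template    = 'WebServer'                              # template used in the post
$WorkDir     = 'C:\Temp'

function New-CertRequestInf {
    param([string]$CommonName, [string[]]$SanDnsNames, [string]$Template, [string]$Path)
    # Each SAN name is its own _continue_ line; every line but the last ends with '&'.
    $sanLines = for ($i = 0; $i -lt $SanDnsNames.Count; $i++) {
        $suffix = if ($i -lt $SanDnsNames.Count - 1) { '&' } else { '' }
        '_continue_ = "dns={0}{1}"' -f $SanDnsNames[$i], $suffix
    }
    $inf = @"
[NewRequest]
Subject = "CN=$CommonName"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
[RequestAttributes]
CertificateTemplate = $Template
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2
[Extensions]
2.5.29.17 = "{text}"
$($sanLines -join "`r`n")
"@
    Set-Content -Path $Path -Value $inf -Encoding ASCII
}

function Invoke-CertEnrollment {
    param([string]$InfPath, [string]$WorkDir, [string]$CommonName)
    $req = Join-Path $WorkDir 'CertRequest.req'
    $cer = Join-Path $WorkDir 'certnew.cer'
    # -new creates the key pair in the machine store (MachineKeySet = TRUE) and writes the CSR.
    & certreq.exe -new $InfPath $req | Out-Null
    # -submit sends the CSR to the enterprise CA and saves the issued certificate (no key inside).
    & certreq.exe -submit $req $cer | Out-Null
    # -accept installs the issued certificate and joins it to the pending private key.
    & certreq.exe -accept $cer | Out-Null
    # Pick the newest certificate with our subject from the LocalMachine\My store.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$CommonName" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
}

function Test-ServerCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert) { throw 'Issued certificate not found in Cert:\LocalMachine\My' }
    if (-not $Cert.HasPrivateKey) {
        throw "Certificate $($Cert.Thumbprint) is not bound to a private key"
    }
    $ekuOids = $Cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }
    if ('1.3.6.1.5.5.7.3.1' -notin $ekuOids) { throw 'Server Authentication EKU is missing' }
    # Chain and host-name validation against the machine's trusted roots (PKI module).
    $dns = $Cert.DnsNameList[0].Unicode
    if (-not (Test-Certificate -Cert $Cert -Policy SSL -DNSName $dns -ErrorAction SilentlyContinue)) {
        throw "Chain or name validation failed for $dns"
    }
    "OK: $($Cert.Thumbprint) $($Cert.Subject) expires $($Cert.NotAfter)"
}

function Export-ServerCertPfx {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Path)
    # Prompt for the password rather than hard-coding it in the script.
    $pfxPass = Read-Host -Prompt 'PFX password' -AsSecureString
    Export-PfxCertificate -Cert $Cert -FilePath $Path -Password $pfxPass -ChainOption BuildChain | Out-Null
    $pfxPass
}

$infPath = Join-Path $WorkDir 'RequestConfig.inf'
New-CertRequestInf -CommonName $CommonName -SanDnsNames $SanDnsNames -Template $Template -Path $infPath
$cert = Invoke-CertEnrollment -InfPath $infPath -WorkDir $WorkDir -CommonName $CommonName
Test-ServerCert -Cert $cert
$pfxPass = Export-ServerCertPfx -Cert $cert -Path (Join-Path $WorkDir 'lab.pfx')
# On the target machine (same password, as in step 8):
# Import-PfxCertificate -FilePath C:\Temp\lab.pfx -Password $pfxPass -CertStoreLocation Cert:\LocalMachine\My
```

Test-ServerCert is the check that would have caught the situation in step 6, where the only certificate listed in the store is the CA root (CN=ADRoot) and not the web server certificate: a certificate whose HasPrivateKey is false cannot be exported as a PFX with its key. The -ChainOption BuildChain switch puts the issuing CA chain into the PFX as well, so the target machine can build a trust path without a separate root import.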