Request SSL Certificate from Microsoft CA with Certreq

Steps to request an SSL certificate from a Microsoft CA with certreq

1. Prepare an INF file

```ini
[NewRequest]
Subject = "CN=lab-win2019.lab.aventislab.info"
Exportable = TRUE            ; TRUE = private key is exportable
KeyLength = 2048
KeySpec = 1                  ; Key Exchange - required for encryption
KeyUsage = 0xA0              ; Digital Signature, Key Encipherment
MachineKeySet = TRUE         ; key pair is created in the machine key store, not the user's
[RequestAttributes]
CertificateTemplate="WebServer"   ; certificate template
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1        ; Server Authentication
OID=1.3.6.1.5.5.7.3.2        ; Client Authentication
[Extensions]
2.5.29.17 = "{text}"         ; SAN - Subject Alternative Name
_continue_ = "dns=lab-win2019.lab.aventislab.info&"
_continue_ = "dns=lab-ad01.lab.aventislab.info&"
_continue_ = "dns=wifi.lab.aventislab.info&"
```

2. Request the SSL certificate (create the CSR)

```text
C:\Temp>certreq -new C:\temp\RequestConfig.inf c:\temp\CertRequest.req
Active Directory Enrollment Policy
  {17C685B4-17D8-4A8A-9720-20FFBFA13C6D}
  ldap:

CertReq: Request Created
```

3. Submit the request to the Microsoft internal CA

```text
C:\Temp>certreq -submit certRequest.req certnew.cer certnew.pfx
Active Directory Enrollment Policy
  {17C685B4-17D8-4A8A-9720-20FFBFA13C6D}
  ldap:
RequestId: 3
RequestId: "3"
Certificate retrieved(Issued) Issued
```

4. Try to import the PFX file with PowerShell, which fails

```text
PS C:\> Import-PfxCertificate -FilePath C:\Temp\certnew.pfx -CertStoreLocation "cert:\LocalMachine\My" -Verbose
VERBOSE: Performing the operation "Import PFX certificate" on target "Item: C:\Temp\certnew.pfx Destination: My".
Import-PfxCertificate : The specified file is not a valid PFX file.
```

5. We have to import the PFX file with the key using certlm.msc

6. Check the thumbprint of the imported SSL certificate

```text
PS C:\Users\administrator.LAB> Get-ChildItem -Path cert:\LocalMachine\my

    PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my

Thumbprint                                Subject
----------                                -------
8E6AB2EBA682A78589EB5A3B6FF153D5FFEFAA45  CN=ADRoot, DC=lab, DC=aventislab, DC=info
658D80026D82EECE93AE90E90A62229A4D33D4FA  CN=lab-win2019.lab.aventislab.info
```

7. Export the PFX so it is ready to import on other machines

```powershell
$PfxPass = ConvertTo-SecureString -String "P@ssw0rd!@#$" -Force -AsPlainText

Get-ChildItem -Path cert:\localMachine\my\658D80026D82EECE93AE90E90A62229A4D33D4FA | Export-PfxCertificate -FilePath C:\temp\lab.pfx -Password $PfxPass
```

8. Import the PFX file on the other machine with

```powershell
Import-PfxCertificate -FilePath C:\Temp\lab.pfx -Password $PfxPass -CertStoreLocation cert:\LocalMachine\my
```
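The procedure above ends by exporting whatever certificate landed in LocalMachine\My. As an added example that is not part of the original post, the PowerShell script below shows why step 4 fails (`certreq -submit RequestFileIn CertFileOut CertChainFileOut` writes a PKCS#7 chain, not a PFX, to the third path) and checks that the issued certificate has its private key bound, the Server Authentication EKU and the SAN names from the INF before exporting it with a password prompted at run time. The function names and the expected lab names are assumptions taken from the INF above.

```powershell
# Added verification script, not from the original post. Assumes the INF and paths used above;
# the expected names are the lab values and the function names are mine.
$ExpectedCn    = 'lab-win2019.lab.aventislab.info'
$ExpectedSans  = @('lab-win2019.lab.aventislab.info', 'lab-ad01.lab.aventislab.info', 'wifi.lab.aventislab.info')
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, as requested in the INF

# certreq -submit <RequestFileIn> <CertFileOut> <CertChainFileOut>: the third file is a PKCS#7
# chain, so the "certnew.pfx" written above holds public certificates only. Show what a file holds.
function Get-CertFileSummary {
    param([string]$Path)
    $col = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    # Import loads DER/PEM certificates and PKCS#7 chains; a password-protected PFX throws here
    try { $col.Import($Path) } catch { return "$($Path): not loadable ($($_.Exception.Message))" }
    $withKey = @($col | Where-Object { $_.HasPrivateKey }).Count
    return "$($Path): $($col.Count) certificate(s), $withKey with a private key"
}

# Find the issued certificate in LocalMachine\My and check what a web server actually needs from it
function Test-IssuedWebCert {
    param([string]$Cn, [string[]]$Sans, [string]$RequiredEku)
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=$Cn" } |
            Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with CN=$Cn in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) {
        # The key pair from certreq -new is still in the machine key store; 'certreq -accept certnew.cer'
        # is the documented way to bind the issued certificate to it.
        throw "$($cert.Thumbprint) has no private key bound"
    }
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } })
    if ($ekus -notcontains $RequiredEku) { throw "$($cert.Thumbprint) lacks EKU $RequiredEku" }
    $present = @($cert.DnsNameList | ForEach-Object { $_.Unicode })   # SAN DNS names via the Cert: provider
    $missing = @($Sans | Where-Object { $present -notcontains $_ })
    if ($missing) { throw "$($cert.Thumbprint) is missing SAN entries: $($missing -join ', ')" }
    return $cert
}

# Export with a password typed at run time instead of a literal left in the script or shell history
function Export-VerifiedPfx {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$OutFile)
    $pass = Read-Host -AsSecureString -Prompt 'PFX password'
    $Cert | Export-PfxCertificate -FilePath $OutFile -Password $pass -ChainOption BuildChain | Out-Null
    return $OutFile
}

Get-CertFileSummary -Path 'C:\Temp\certnew.pfx'
$issued = Test-IssuedWebCert -Cn $ExpectedCn -Sans $ExpectedSans -RequiredEku $ServerAuthOid
"Verified $($issued.Thumbprint); exported to $(Export-VerifiedPfx -Cert $issued -OutFile 'C:\Temp\lab.pfx')"
```

Run it in an elevated PowerShell on the server that holds the machine key; the first line prints that certnew.pfx carries certificates but no private key, and the export only happens once every check has passed.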
