Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.
cscript reqdccert.vbs (script by MS - see first link) certreq -new NEWDC.inf NEWDC.req
certreq -attrib "CertificateTemplate:DomainController" NEWDC.req
[Version] Signature= "$Windows NT$" [NewRequest] Subject = "CN=NEWDC.DOMAIN.COM" KeySpec = 1 KeyLength = 1024 Exportable = TRUE MachineKeySet = TRUE SMIME = FALSE PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 [EnhancedKeyUsageExtension] OID=184.108.40.206.220.127.116.11.1 OID=18.104.22.168.22.214.171.124.2 ; ; The subject alternative name (SAN) can be included in the INF-file ; for a Windows 2003 CA. ; You don't have to specify the SAN when submitting the request. ; [Extensions] 126.96.36.199=MDSCEURDLVRSSC0wMS5CRUtLLm5voB8GCSsGAQQBgjcZAaASBBDXwNLlTQHnQrYC _continue_=GMg5dXe9 Critical=188.8.131.52 ; ; The template name can be included in the INF-file for any CA. ; You don't have to specify the template when submitting the request. ; ;[RequestAttributes] ;CertificateTemplate=DomainController
Join the community of 500,000 technology professionals and ask your questions.
Connect with top rated Experts
20 Experts available now in Live!