?
Solved

How to add location info to an SSL CSR using CertReq.exe

Posted on 2014-02-27
3
Medium Priority
?
3,245 Views
Last Modified: 2014-03-20
Hi, I am trying to create a cert request for an IIS 7 website on Server 2008 R2 using CertReq.exe so I can add a Subject Alternate Name. This CSR will be submitted to a 3rd party issuing CA, not an Enterprise CA, and I would normally add the SAN info on the issuers website. Unfortunately the customer wants it done this way.

I'm using a RequestPolicy.inf file that I created based on the following Technet articles:

http://technet.microsoft.com/en-us/library/ff625722%28v=ws.10%29.aspx

http://support.microsoft.com/kb/931351

Everything checks out when I verify the output file (.req), except that I cannot find how to add the folling info to the CSR with CertReq.exe. I dont see this in any of the Technet articles for this tool:

Organization
Organization Unit
City/Local
Country
State/Province
Country

Can someone please provide the proper way to add this info to a CSR using the command line?

Thank you!
0
Comment
Question by:jsnrby
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39893610
You will need to do this with a policy file:

[NewRequest]
Subject= "CN=www.domain.com, OU=xxx, O=xxx, L=xxx, S=xxx, C=xx"
Exportable = TRUE
Exportable = TRUE
KeyLength = 2048
KeyUsage = 0xA0
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2

2.5.29.17 = "{text}"
_continue_ = "dns=www.domain1.com&dns=www.domain2.com&dns=ww.domain3.com"

Open in new window


Then run a certreq e.g

certreq –new c:\filename-you-saved-above-content-as.inf  C:\filename-of-request-to-be-generated.txt
0
 
LVL 29

Expert Comment

by:becraig
ID: 39896396
Let me know if you have any additional question, though the above info should resolve this for you.
0
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 39924715
In the event I was not clearer above:
Subject= "CN=www.domain.com, OU=xxx, O=xxx, L=xxx, S=xxx, C=xx"
maps to
Organization
Organization Unit
City/Local
Country
State/Province
Country
OU= Organizational Unit - O=Organization - L=City\Locality - S=State - C=Country
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question