?
Solved

How to add location info to an SSL CSR using CertReq.exe

Posted on 2014-02-27
3
Medium Priority
?
3,650 Views
Last Modified: 2014-03-20
Hi, I am trying to create a cert request for an IIS 7 website on Server 2008 R2 using CertReq.exe so I can add a Subject Alternate Name. This CSR will be submitted to a 3rd party issuing CA, not an Enterprise CA, and I would normally add the SAN info on the issuers website. Unfortunately the customer wants it done this way.

I'm using a RequestPolicy.inf file that I created based on the following Technet articles:

http://technet.microsoft.com/en-us/library/ff625722%28v=ws.10%29.aspx

http://support.microsoft.com/kb/931351

Everything checks out when I verify the output file (.req), except that I cannot find how to add the folling info to the CSR with CertReq.exe. I dont see this in any of the Technet articles for this tool:

Organization
Organization Unit
City/Local
Country
State/Province
Country

Can someone please provide the proper way to add this info to a CSR using the command line?

Thank you!
0
Comment
Question by:jsnrby
  • 3
3 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39893610
You will need to do this with a policy file:

[NewRequest]
Subject= "CN=www.domain.com, OU=xxx, O=xxx, L=xxx, S=xxx, C=xx"
Exportable = TRUE
Exportable = TRUE
KeyLength = 2048
KeyUsage = 0xA0
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2

2.5.29.17 = "{text}"
_continue_ = "dns=www.domain1.com&dns=www.domain2.com&dns=ww.domain3.com"

Open in new window


Then run a certreq e.g

certreq –new c:\filename-you-saved-above-content-as.inf  C:\filename-of-request-to-be-generated.txt
0
 
LVL 29

Expert Comment

by:becraig
ID: 39896396
Let me know if you have any additional question, though the above info should resolve this for you.
0
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 39924715
In the event I was not clearer above:
Subject= "CN=www.domain.com, OU=xxx, O=xxx, L=xxx, S=xxx, C=xx"
maps to
Organization
Organization Unit
City/Local
Country
State/Province
Country
OU= Organizational Unit - O=Organization - L=City\Locality - S=State - C=Country
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question