?
Solved

How to add location info to an SSL CSR using CertReq.exe

Posted on 2014-02-27
3
Medium Priority
?
3,582 Views
Last Modified: 2014-03-20
Hi, I am trying to create a cert request for an IIS 7 website on Server 2008 R2 using CertReq.exe so I can add a Subject Alternate Name. This CSR will be submitted to a 3rd party issuing CA, not an Enterprise CA, and I would normally add the SAN info on the issuers website. Unfortunately the customer wants it done this way.

I'm using a RequestPolicy.inf file that I created based on the following Technet articles:

http://technet.microsoft.com/en-us/library/ff625722%28v=ws.10%29.aspx

http://support.microsoft.com/kb/931351

Everything checks out when I verify the output file (.req), except that I cannot find how to add the folling info to the CSR with CertReq.exe. I dont see this in any of the Technet articles for this tool:

Organization
Organization Unit
City/Local
Country
State/Province
Country

Can someone please provide the proper way to add this info to a CSR using the command line?

Thank you!
0
Comment
Question by:jsnrby
  • 3
3 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39893610
You will need to do this with a policy file:

[NewRequest]
Subject= "CN=www.domain.com, OU=xxx, O=xxx, L=xxx, S=xxx, C=xx"
Exportable = TRUE
Exportable = TRUE
KeyLength = 2048
KeyUsage = 0xA0
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2

2.5.29.17 = "{text}"
_continue_ = "dns=www.domain1.com&dns=www.domain2.com&dns=ww.domain3.com"

Open in new window


Then run a certreq e.g

certreq –new c:\filename-you-saved-above-content-as.inf  C:\filename-of-request-to-be-generated.txt
0
 
LVL 29

Expert Comment

by:becraig
ID: 39896396
Let me know if you have any additional question, though the above info should resolve this for you.
0
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 39924715
In the event I was not clearer above:
Subject= "CN=www.domain.com, OU=xxx, O=xxx, L=xxx, S=xxx, C=xx"
maps to
Organization
Organization Unit
City/Local
Country
State/Province
Country
OU= Organizational Unit - O=Organization - L=City\Locality - S=State - C=Country
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month6 days, 16 hours left to enroll

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question