Submit an openssl request file to a Microsoft PKI with certreq

Submit an openssl request file to a Microsoft PKI with certreq

This procedure will show you how to generate a certificate with this following requirements :

  • a linux web server : a certificate request file is generated with openssl command
  • a Microsoft Certificate Authority that will issue a certificate

Follow these steps :

  • on the linux server :
    1. generate the private key : openssl genrsa 2048 > linux_webserver.key

    2. change the security of the private key : chmod 400 linux_webserver.key
    3. create the certificate request file : openssl req -new -key linux_webserver.key > linux_webserver.csr

  • on the Microsoft Certificate Authority
    1. launch a command prompt : cmd
    2. check the certificate request file : certutil linux_webserver.csr
    3. generate the certificate : certreq -attrib "CertificateTemplate:webserver" -submit linux_webserver.csr
    4. select the Certificate Authority when prompted
    5. save the certificate file

You will then be able to install this new certificate on the linux web server. If you use Apache, you can follow this procedure to install the certificate on it.



Certreq command

Certutil command

openssl command reference


My Powershell script categories

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Social Media Auto Publish Powered By :