Submit an openssl request file to a Microsoft PKI with certreq
Submit an openssl request file to a Microsoft PKI with certreq

This procedure will show you how to generate a certificate with this following requirements :

  • a linux web server : a certificate request file is generated with openssl command
  • a Microsoft Certificate Authority that will issue a certificate

Follow these steps :

  • on the linux server :
    1. generate the private key : openssl genrsa 2048 > linux_webserver.key
      Output :
      Generating RSA private key, 2048 bit long modulus
      e is 65537 (0x10001)
    2. change the security of the private key : chmod 400 linux_webserver.key
    3. create the certificate request file : openssl req -new -key linux_webserver.key > linux_webserver.csr
      Output :
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      Country Name (2 letter code) [AU]:XX
      State or Province Name (full name) [Some-State]:Your_State
      Locality Name (eg, city) []:Your_Locallity
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:The_company_name
      Organizational Unit Name (eg, section) []:Department
      Common Name (e.g. server FQDN or YOUR name) []:thewebserverFQDN.domain.local
      Email Address []:
      Please enter the following 'extra' attributes
      to be sent with your certificate request
      A challenge password []:
      An optional company name []:
  • on the Microsoft Certificate Authority
    1. launch a command prompt : cmd
    2. check the certificate request file : certutil linux_webserver.csr
    3. generate the certificate : certreq -attrib “CertificateTemplate:webserver” -submit linux_webserver.csr
    4. select the Certificate Authority when prompted
    5. save the certificate file

You will then be able to install this new certificate on the linux web server. If you use Apache, you can follow this procedure to install the certificate on it.



Certreq command

Certutil command

openssl command reference


My Powershell script categories

Submit an openssl request file to a Microsoft PKI with certreq

Leave a Reply

Your email address will not be published.