CSR creation for SSL Certificate – SCOM 2012 R2

Posted by on Oct 12, 2016 in General, SCOM 2012

It's certificate renewal time for most of our SCOM Management Servers, and the team has asked me how to create the CSR file so they can ask their certificate team to generate the certificate from that CSR.

A CSR, or Certificate Signing Request, is a block of encoded text that is given to a Certificate Authority when applying for an SSL certificate. It is usually generated on the server where the certificate will be installed, which keeps the private key on that server, and it contains information that will be included in the certificate, such as the organization name, common name (domain name), locality, and country.

It's not rocket science; it can be done in two ways:

1: Through GUI

2: Through Command Prompt

Let’s start…

Through GUI

1: Log on to the computer for which the certificate needs to be issued.

2: Open the Run command box, type inetmgr, and then click OK.

It will open the IIS Manager home page.

3: Select the server name under the Connections menu and double-click Server Certificates.

4: Under the Actions menu, click Create Certificate Request.

5: In the Distinguished Name Properties window, enter the information as follows:

Common Name: The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., serverhost.domain.com).

Organization: The legally registered name of your organization/company.

Organizational unit: The name of your department within the organization (frequently this entry will be listed as “IT,” “HR,” or you may leave it blank).

City/locality: The city in which your organization is located.

State/province: The state in which your organization is located.

Country/region: The country in which your organization is located.

6: Click Next to continue.

7: In the Cryptographic Service Provider Properties window, leave the Cryptographic Service Provider at the default, Microsoft RSA SChannel Cryptographic Provider.

8: Change the Bit length to 2048 or higher.

9: Click Next to continue.

10: Provide a suitable file name for your certificate request.

11: Click Finish to complete the process.

The file can now be given to the certificate team to generate the certificate.

The CSR file contains encoded text, which is used to generate the certificate.

Through Command Prompt

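Apart from the GUI, there is another way to generate the CSR file: the certreq command. It needs the parameters below:

[NewRequest]
Subject="CN=HOST.DOMAIN.COM, OU=IT, O=Your Organization, L=Bromma, S=Stockholm, C=SE"
; TRUE allows the private key to be exported later
Exportable=TRUE
KeyLength=2048
; 1 = key exchange (AT_KEYEXCHANGE)
KeySpec=1
; 0xf0 = digital signature, non-repudiation, key encipherment, data encipherment
KeyUsage=0xf0
; Keep the key in the machine store rather than the user profile
MachineKeySet=TRUE
[EnhancedKeyUsageExtension]
; Server Authentication
OID=1.3.6.1.5.5.7.3.1
; Client Authentication
OID=1.3.6.1.5.5.7.3.2

NOTE: The Subject line contains the same details described in Step 5 (Distinguished Name Properties) of the GUI method. Use plain straight quotes around the Subject value, not the curly quotes a word processor may insert.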

1: Copy the above parameters into a Notepad file.

2: Save the file with a suitable name and the .INF extension.

We have saved the file under the C:\TEMP folder.

3: Open Command Prompt as Administrator and run the command below:

certreq -new <FULL PATH OF .INF FILE> <FULL PATH OF .CSR FILE>

You should get the CertReq: Request Created message.

4: The CSR file can be found under the path you provided.

The file can now be given to the certificate team to generate the certificate.

The CSR file contains encoded text, which is used to generate the certificate.

This option might be helpful in case you need to generate CSR files on many servers. It will save time.
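
For the many-servers case, the script below is an added example (not part of the original post) that builds the same INF for the local server's FQDN, runs certreq, and dumps the resulting request so the subject, key length and EKUs can be checked before the file goes to the certificate team. The parameter names, the C:\TEMP output paths and the subject defaults are assumptions taken from the sample values above.

```powershell
# Added example: build the page's INF for this server, create the CSR, dump it for review.
# Assumptions (not from the page): parameter names, output file names, subject defaults.
param(
    [string]$OutDir       = 'C:\TEMP',
    [string]$Organization = 'Your Organization',
    [string]$Unit         = 'IT',
    [string]$Locality     = 'Bromma',
    [string]$State        = 'Stockholm',
    [string]$Country      = 'SE',
    [int]   $KeyLength    = 2048,
    # The page uses Exportable=TRUE; FALSE prevents the private key from being exported later.
    [bool]  $Exportable   = $true
)
$ErrorActionPreference = 'Stop'

# Fully-qualified name of the local machine, used as the certificate's Common Name.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }

if ($KeyLength -lt 2048) { throw "KeyLength $KeyLength is below the 2048-bit minimum." }

$inf = Join-Path $OutDir "$fqdn.inf"
$csr = Join-Path $OutDir "$fqdn.csr"
if (Test-Path $csr) { throw "$csr already exists; not overwriting an earlier request." }

# Same settings as the INF shown above, with plain ASCII quotes around the subject.
$lines = @(
    '[NewRequest]'
    "Subject=`"CN=$fqdn, OU=$Unit, O=$Organization, L=$Locality, S=$State, C=$Country`""
    "Exportable=$($Exportable.ToString().ToUpper())"
    "KeyLength=$KeyLength"
    'KeySpec=1'
    'KeyUsage=0xf0'
    'MachineKeySet=TRUE'
    '[EnhancedKeyUsageExtension]'
    'OID=1.3.6.1.5.5.7.3.1'
    'OID=1.3.6.1.5.5.7.3.2'
)
Set-Content -Path $inf -Value $lines -Encoding ASCII

certreq -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Review subject, key length and EKUs before handing the file to the certificate team.
certutil -dump $csr
if ($LASTEXITCODE -ne 0) { throw "certutil could not parse $csr" }
```

Run it from an elevated PowerShell prompt on each server. Only the .csr file needs to be sent on, since the private key stays in that server's machine key store.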
