Community
cancel
Showing results for 
Search instead for 
Did you mean: 
RBens2
Valued Contributor I
2,144 Views

Generating a Remote Configuration Cert from MS CA

I'm trying to get my own remote config cert installed on my SCS, but I can't quite seem to get the correct cert out of the MS Certificate Authority. The CA wants to make the Subject name equal to my user name, but I need the SN to equal the machine name. Does anyone have any ideas about how to get this to work correctly?

I'm using the CA as an enterprise CA running on my AD server. I've gotten the cert template to have the correct OID, but I can't get it to make the SN equal to the computer name.

Thanks,

Roger

0 Kudos
3 Replies
Brian_C_Intel
Employee
73 Views

Roger,

I use the following process to create certs on my SCS system:

Log on to the machine that SCS is installed on . Open a web browser on that system and enter the url of the machine issuing certs for your domain followed by certsrv. It will look something like this: http://192.168.1.1/certsrv

Login as the domain admin.

Click on Request a certificate.

Click on "Advanced certificate request".

Click on "Create and submit a request to this CA."

In the certificate template field, select the template that you built.

You will then be able to specify the subject name equal to the machine name.

Terry_C_Intel
Employee
73 Views

Once the template is in place - when you request the certificate, the "first name" is the FQDN of the target system used for remote configuration.

I'm planning to put together a short video to show how this is done... hopefully have it posted before end of the month...

RBens2
Valued Contributor I
73 Views

Thank you for the help. From your replies, I was able to figure out my problem. When I built the template for the cert I forgot to select the "Supply subject name in the Request" radio button. When AD fills in the data, it want to use the user name rather than the machine name. When I changed the template to function this whay, then it worked exactly as I needed it to. It would be helpful if this was noted in the section on generating a remote config cert.

Thanks,

Roger

Reply