How the heck to submit OU = Intel(R) Client Setup Certificate from a Microsoft CA?

SWood7 · ‎05-14-2008

I've been trying to figure out how to configure a CSR from our Microsoft Enterprise CA to for AMT and SCCM 2007 SP1. Our SSL vendor, GoDaddy, requires that we submit the CSR with OU = Intel(R) Client Setup Certificate included in the CSR. Since we're going to be using our Microsoft CA we've been following the SCCM instructions on creating a CSR for an external SSL cert. Nowhere in the instructions does it mention where we could enter the OU = Intel(R) Client Setup Certificate string for CSR submission. I realize it's probably a no brainer for everyone else out there but I admit I'm a bit dense when it comes to SSL. Has anyone done this before?

idata · ‎08-19-2008

If you are using OpenSSL tools for MS here is a good post that talks to this:

http://communities.intel.com/message/1855# 1855

If you are using CertReq with an INF file set the OU in the subject line:

Example INF file:

\[NewRequest\]

Exportable = TRUE

KeyLength = 1024

KeySpec = 1

KeyUsage = 0xA0

MachineKeySet = TRUE

Subject="CN=domain.com;OU=Intel(R) Client Setup Certificate;O=Company name;L=City name; S=State;C=Country"

\[EnhancedKeyUsageExtension\]

OID = 1.3.6.1.5.5.7.3.1

OID = 2.16.840.1.113741.1.2.3

idata · ‎08-20-2008

Here is a good instruction:

p-10957 http://communities.intel.com/openport/blogs/proexpert/2008/03/03/steps-to-purchase-a-godaddy-certificate-for-the-purpose-of-vpro-remote-configuration