I've been trying to figure out how to configure a CSR from our Microsoft Enterprise CA to for AMT and SCCM 2007 SP1. Our SSL vendor, GoDaddy, requires that we submit the CSR with OU = Intel(R) Client Setup Certificate included in the CSR. Since we're going to be using our Microsoft CA we've been following the SCCM instructions on creating a CSR for an external SSL cert. Nowhere in the instructions does it mention where we could enter the OU = Intel(R) Client Setup Certificate string for CSR submission. I realize it's probably a no brainer for everyone else out there but I admit I'm a bit dense when it comes to SSL. Has anyone done this before?
If you are using OpenSSL tools for MS here is a good post that talks to this:
If you are using CertReq with an INF file set the OU in the subject line:
Example INF file:
Exportable = TRUE
KeyLength = 1024
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Subject="CN=domain.com;OU=Intel(R) Client Setup Certificate;O=Company name;L=City name; S=State;C=Country"
OID = 126.96.36.199.188.8.131.52.1
OID = 2.16.840.1.1137184.108.40.206