Month: August 2015

Howto install a certificate from a standalone or non-Windows CA on a Windows 2012R2 Server

by jonas

Logon to the console of the Windows 2012R2 Core server and execute:

certreq -new C:\temp\request.inf C:\temp\dc01.jbk.local.req

The request.inf file does have the following content:

   [NewRequest]

   Subject=”C=CH,S=ZH,L=Zurich,O=Home,OU=IT,CN=dc01.jbk.local”
   PrivateKeyArchive=FALSE
   Exportable=FALSE
   UserProtected=FALSE
   MachineKeySet=TRUE
   ProviderName=”Microsoft RSA SChannel Cryptographic Provider”
   ProviderType=12
   UseExistingKeySet=FALSE
   RequestType=PKCS10
   HashAlgorithm=sha256
   KeyLength=4096
   KeyUsage = 0xF0
   KeySpec=1

  [EnhancedKeyUsageExtension]

   OID=1.3.6.1.5.5.7.3.1 ; Server Authentication

 

Submit the CSR (Certificate Signing Request) to the CA

When you get back the signed certificate from your CA, then

certreq -accept C:\temp\dc01.jbk.local.cer

 

References :

Certreq.exe https://technet.microsoft.com/library/cc725793.aspx