Logon to the console of the Windows 2012R2 Core server and execute:
certreq -new C:\temp\request.inf C:\temp\dc01.jbk.local.req
The request.inf file does have the following content:
[NewRequest]
Subject=”C=CH,S=ZH,L=Zurich,O=Home,OU=IT,CN=dc01.jbk.local”
PrivateKeyArchive=FALSE
Exportable=FALSE
UserProtected=FALSE
MachineKeySet=TRUE
ProviderName=”Microsoft RSA SChannel Cryptographic Provider”
ProviderType=12
UseExistingKeySet=FALSE
RequestType=PKCS10
HashAlgorithm=sha256
KeyLength=4096
KeyUsage = 0xF0
KeySpec=1
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
Submit the CSR (Certificate Signing Request) to the CA
When you get back the signed certificate from your CA, then
certreq -accept C:\temp\dc01.jbk.local.cer
References :
Certreq.exe https://technet.microsoft.com/library/cc725793.aspx