Create a Certificate Request using Microsoft Management Console (MMC)
Overview
In this article, we will show how to produce a Certificate Request using the management console with the Certificates snap-in. After importing the certificate in the computer container. In this case we are generating a digital certificate that will be installed at 2010 TMG that it is configured as Reverse Proxy Server Lync pool. The enterprise certification service is installed along with the domain controller with the service and this Web Enrrolement active.
The certificate will be generated with multiple Destinguish Name and Subject Alternative Names.
Connection Manager Certificate
Start running on the machine and run the mmc to start the management console, click File and Add / Remove Snap-in
http://4.bp.blogspot.com/-dMWPr_TyVMo/TvyQbePJqXI/AAAAAAAACl0/xKnL6b8Isz4/s320/cert00_1.png
Select the Certificate Snap-in and add to the console
http://3.bp.blogspot.com/-RxH05oaoR4M/TvyQcZP8PMI/AAAAAAAACl8/ZJHJBZJeI8o/s320/cert00_2.png
Select Computer Account to manage the certificates installed on computed
http://2.bp.blogspot.com/-W_3D_pQuq1s/TvyQc9ZrLqI/AAAAAAAACmE/d9GT5CFLndU/s320/cert00_3.png
Select Local Computer and finish the wizard
http://1.bp.blogspot.com/-UYNp-dPenOw/TvyQdibgpxI/AAAAAAAACmM/lgD9eFKCIDk/s320/cert00_4.png
Request Certificate
Expand the Personal folder in the Certificates. Right-click All Tasks, select Advanced Operations and Create Custom Request ....
http://2.bp.blogspot.com/-mlEc1Le2qko/TvyQek9HstI/AAAAAAAACmU/D4eocvL3qEE/s320/cert01.png
Go to start the certificate request
http://1.bp.blogspot.com/-H0dxlCMbjk8/TvyQfpPS_nI/AAAAAAAACmc/VKtL4qroO6M/s320/cert02.png
Select the *Enrollment Policy *
*http://3.bp.blogspot.com/-ILW67qaS3ao/TvyQgYesTBI/AAAAAAAACmk/MJhb7IWUnQw/s320/cert03.png *
Select the template of the certificate to the Reverse Proxy must select Web Server template
http://2.bp.blogspot.com/-2DTah70WkR4/TvyQhSpFTKI/AAAAAAAACms/GiD6JFKQVBk/s320/cert04.png
In the Certificate Information tab expand the Details and click Properties to configure the options of the Certificate
http://2.bp.blogspot.com/-cALIcjHapZE/TvyQiBiSpcI/AAAAAAAACm0/_yZ_KsO_x3M/s320/cert05.png
Tab Certificeta Properties in select Subject Name option Type: Common Name and Value set the FQDN of the primary service that uses the certificate. In part of Alternative Name select Typer: DNS and * *add all the FQDN's that bear the certificate
http://2.bp.blogspot.com/-N7WtG4_AkAQ/TvyQi777NgI/AAAAAAAACm8/_WCXNxs9j7M/s320/cert06.png
In the tab General set the Friendly Name of the certificate, this option does not affect any functionality of the certificate may take any value. Usually we set up a brief description of the functionality of the certificate
http://2.bp.blogspot.com/-fbIfHtkrR7c/TvyQj-z5d7I/AAAAAAAACnE/lzi_lTHf7lw/s320/cert07.png
Tab Private Key option expand the Key Options check the Make Private key exportable. Apply the changes and finish the wizard
http://1.bp.blogspot.com/-DlPSQwcKHkQ/TvyQk3zAcDI/AAAAAAAACnM/A53CX5x27vw/s320/cert08.png
In Certificate Enrollment advance
http://4.bp.blogspot.com/-p9oE1nJYKg4/TvyQlQQDmBI/AAAAAAAACnU/7tTA9GEwZ6g/s320/cert09.png
Select the folder where the request is saved and finish the assistant
http://2.bp.blogspot.com/-jaJecIU1ZXs/TvyQmPVcnJI/AAAAAAAACnc/pTZ9G1MbHuU/s320/cert10.png
Generate the Certificate
Access the address of the Web Enrollment of digital certification in the URL https:// <FQDN server certificado> / CertSrv and click *Request Certificate *
http://3.bp.blogspot.com/-yvaFpECkK68/TvyQnBj9msI/AAAAAAAACnk/wgP0slneBDA/s320/cert11.png
Click the Advanced Certificate Request
http://1.bp.blogspot.com/-C1boVDnQh80/TvyQnwedNJI/AAAAAAAACns/4CrMcrrGcNk/s320/cert12.png
Select Submit a certificate request by using the base 64-encoded CMC or PKCS # 10 file, or submit a renewal request by using the base 64-encoded PKCS # 7 file
http://4.bp.blogspot.com/-x3xR1t1vqeM/TvyQomespaI/AAAAAAAACn0/9sfiXjPNEus/s320/cert13.png
Open the request file in Notepad, select and copy the entire contents
http://1.bp.blogspot.com/-Ax-D-XlCk5o/TvyQp3V56TI/AAAAAAAACn8/JuroJ1sfzWA/s320/cert14.png
Paste the contents of the file request in the space Saved Request and select the Certificate Template: Web Server and click Submit
http://3.bp.blogspot.com/-hHXO3OahJ7U/TvyQqo3HgWI/AAAAAAAACoE/DXIbtdVk7jY/s320/cert15.png
The certificate will be generated, click Download Certificate and save the certificate in a folder
http://1.bp.blogspot.com/-AxIlEo5w9io/TvyQrvzkdsI/AAAAAAAACoM/CUgNH1zTaJk/s320/cert16.png
Check the settings of the certificate are correct and that the option of private key is present in the certificate
http://3.bp.blogspot.com/-pleF7WWczeY/TvyQsYeayLI/AAAAAAAACoU/Hir-hBEgQ0k/s320/cert16_1.png
Import Certificate
Return to the management console expand the Personal Right click Certificates select All Tasks and click Import ...
http://1.bp.blogspot.com/-LLvWOtplfC0/TvyQtLx9avI/AAAAAAAACoc/4UGt4YQCIgQ/s320/cert17.png
Go to start the certificate import
http://2.bp.blogspot.com/-Lpc-iBb_8ro/TvyQt9PGAMI/AAAAAAAACok/llaJwYGEiCg/s320/cert18.png
Select the certificate that was saved
http://1.bp.blogspot.com/-PMDbgZv8zBs/TvyQugtph5I/AAAAAAAACos/d_nu4u7kNwE/s320/cert19.png
Go to the configuration of the Certificate Store
http://2.bp.blogspot.com/-nOuIY832Jn0/TvyQvqFFXPI/AAAAAAAACo0/-EyEIOPnimo/s320/cert20.png
And finalize the wizard
http://1.bp.blogspot.com/-7iS8eOWaeCQ/TvyQwfLfuHI/AAAAAAAACo8/VWVPSr3AzsA/s320/cert21.png
The certificate must be imported and ready to be linked to services