Third Party Certifcate

Question

Hi All i was referring the below article, i want to raise a request using HashAlgorithm sha256

https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/enable-ldap-over-ssl-3rd-certification-authority

is the below syntax correct and the inf file, please guide me

certreq -new request.inf request.req  -HashAlgorithm  sha256

are the below two lines in the inf file in correct format

Subject = "CN=ldap.contoso.com", OU=Domain Controllers, C = US, ST = MYST, L = MYL, O = contoso.com, Inc.";
_continue_ = "&dns=ldap.contoso.com&dns=dc01.contoso.com&dns=dc02.contoso.com&dns=dc03.contoso.com"

;----------------- request.inf -----------------
;----- requested on ALL DCs-----

[Version]

Signature="$Windows NT$

[NewRequest]

Subject = "CN=ldap.contoso.com", OU=Domain Controllers, C = US, ST = MYST, L = MYL, O = contoso.com, Inc.";
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication

[Extensions]
; If your client operating system is Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7
; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension.

2.5.29.17 = "{text}"
_continue_ = "&dns=ldap.contoso.com&dns=dc01.contoso.com&dns=dc02.contoso.com&dns=dc03.contoso.com"

Answer 1

Hi,

this may help:

https://learn.microsoft.com/en-us/archive/blogs/pki/how-to-create-a-web-server-ssl-certificate-manually

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certreq_1