1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
;certutil -config "MYCA.info.sys\IssuingCAInstance" -ping ;certreq -new certreq.inf certreq.req ;certreq -submit -config "MYCA.info.sys\IssuingCAInstance" certreq.req ;certreq -accept c:\MyGeneratedCert.cer ;netsh http add sslcert ipport=0.0.0.0:5000 certhash=THUMBPRINT appid={} certstorename=my ;netsh http add sslcert ipport=0.0.0.0:5000 certhash=d9ffaeec6552b3d21d3f7741c48d63d9fb61d10a appid={01122334-4556-6778-8990-aabbccddeeff} certstorename=my [NewRequest] ; The subject name for the certificate (Common Name) Subject = "CN=MYCN.info.sys" KeySpec = 1 KeyLength = 2048 Exportable = TRUE MachineKeySet = TRUE ; Use the appropriate Cryptographic Service Provider for your environment ProviderName = "Microsoft RSA SChannel Cryptographic Provider" RequestType = PKCS10 [Extensions] ; The Enhanced Key Usage extension for Server Authentication 2.5.29.37 = "{text}1.3.6.1.5.5.7.3.1" ; The Subject Alternative Name (SAN) extension 2.5.29.17 = "{text}" ; List multiple DNS entries (ampersand-& delimited) _continue_ = "DNS=DNSName&" _continue_ = "DNS=DNSNAME.contoso.sys&" _continue_ = "DNS=DNSNAME2&" _continue_ = "DNS=DNSNAME2.contoso.sys" [RequestAttributes] ; Specify the certificate template name here CertificateTemplate = "WebServer_Contoso" |