Create Certificate from CSR with no template information
If you have a basic Microsoft CA for lab or production purposes, you cannot sign a certificate without a template. However, the certificate manager utility included in vCenter, like OpenSSL, creates a CSR file that the Microsoft CA rejects on the grounds that it has no template extension.
There is a simple trick: assign a template to the CSR during the signing process.
1. Open a command prompt as a domain user who has permission to sign certificates.
2. (Optional) You can get the list of templates using this command:
certutil -CATemplates -Config Machine\CAName
3. Run certreq with the -attrib parameter and specify the template you want to apply (usually WebServer will do).
certreq -attrib "CertificateTemplate:WebServer"
A popup then asks you to select the CSR file to sign.
4. Then select the CA to use.
5. Choose a name and location for the certificate to be produced.
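The same procedure can be run without the dialogs by passing the CA, the CSR and the output file on the command line. The script below is an added example, not part of the original page; the file paths and the Machine\CAName value are placeholders, and the text filters assume English-language certutil output.

```powershell
# Added example (not from the original page): steps 2-5 without the dialogs.
param(
    [string]$CsrPath  = '.\request.csr',   # placeholder: CSR from vCenter or OpenSSL
    [string]$CertPath = '.\issued.cer',    # placeholder: where the certificate is written
    [string]$CaConfig = 'Machine\CAName',  # placeholder, same form as in step 2
    [string]$Template = 'WebServer'
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path $CsrPath)) { throw "CSR not found: $CsrPath" }
if (Test-Path $CertPath)       { throw "Refusing to overwrite $CertPath" }

# Read the CSR before signing it. With a template such as WebServer the
# subject names are taken from the CSR as submitted, so check them first.
$csrDump = certutil -dump $CsrPath
if ($LASTEXITCODE -ne 0) { throw "certutil could not parse $CsrPath" }
$csrDump | Select-String -Pattern 'Subject:', 'DNS Name=', 'Public Key Length'

# Step 2: confirm the CA offers the template before submitting.
# Assumption: each output line starts with the template's short name and a colon.
$offered = certutil -CATemplates -Config $CaConfig
if ($LASTEXITCODE -ne 0) { throw "Could not list templates on $CaConfig" }
if (-not ($offered | Select-String -Pattern ('^\s*' + [regex]::Escape($Template) + ':'))) {
    throw "Template '$Template' is not offered by $CaConfig"
}

# Steps 3-5: submit the CSR with the template attribute, naming the CA,
# the input file and the output file so that no popup appears.
certreq -submit -config $CaConfig -attrib "CertificateTemplate:$Template" $CsrPath $CertPath
if ($LASTEXITCODE -ne 0) { throw "certreq exited with code $LASTEXITCODE" }
if (-not (Test-Path $CertPath)) {
    throw "No certificate was written; the request may be pending approval on the CA"
}

# Inspect the issued certificate: names, expiry and the template that was applied.
certutil -dump $CertPath |
    Select-String -Pattern 'Subject:', 'NotAfter', 'Template', 'DNS Name='
```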
 
                