SSL Certificates from the command line
- Create a request.inf file:
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=<FQDN>, E=<Email>, O=<Organization>, OU=<Organization Unit>, L=<City>, S=<State/Province>, C=<Two Letter Country Code>"
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------
- Run command:
certreq -new request.inf request.req
- Contact your public CA and order a new SSL certificate. You’ll be prompted for the request in the process. Use the contents of the request.req file we generated above.
- In return the CA will provide you with a response. Save this response in a new file, let's call it response.cer.
- Run the following command on the same server to accept the new certificate and complete the request:
certreq -accept -user response.cer
Note: You may choose “-machine” or “-user” to define which store to import the certificate to.
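A pre-flight check you can run on request.inf before `certreq -new`, as an added example that is not part of the original post. It flags unfilled Subject placeholders, keys under 2048 bits, an exportable private key, a missing Server Authentication EKU, and a key context that differs from the store you plan to pass to `certreq -accept`. The function names, the rule set and the sample INF are assumptions made for illustration.

```powershell
# Added example, not from the original post: lint request.inf before `certreq -new`.
# Function names, the rule set and the sample INF are assumptions for illustration.
function Read-RequestInf([string[]]$Lines) {
    $inf = @{}; $section = $null
    foreach ($raw in $Lines) {
        # Strip ';' comments, but only when the ';' sits outside double quotes.
        $line = ($raw -replace ';(?=(?:[^"]*"[^"]*")*[^"]*$).*$', '').Trim()
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; $inf[$section] = @{} }
        elseif ($section -and $line -match '^([^=]+)=(.*)$') {
            $inf[$section][$Matches[1].Trim()] = $Matches[2].Trim().Trim('"')
        }
    }
    $inf
}

function Test-RequestInf([hashtable]$Inf, [ValidateSet('machine', 'user')][string]$AcceptContext) {
    $req = $Inf['NewRequest']
    if (-not $req) { return 'Missing [NewRequest] section' }
    if ($req['Subject'] -match '<[^>]+>') { 'Subject still contains an unfilled <placeholder>' }
    if ([int]$req['KeyLength'] -lt 2048) { "KeyLength '$($req['KeyLength'])' is below 2048 bits" }
    if ($req['Exportable'] -eq 'TRUE') { 'Exportable = TRUE: the private key can be exported from this server' }
    # MachineKeySet = TRUE creates the key in the machine context.
    $keyContext = if ($req['MachineKeySet'] -eq 'TRUE') { 'machine' } else { 'user' }
    if ($keyContext -ne $AcceptContext) {
        "Key is created in the $keyContext context but -$AcceptContext is planned for certreq -accept"
    }
    $eku = $Inf['EnhancedKeyUsageExtension']
    if (-not $eku -or $eku['OID'] -ne '1.3.6.1.5.5.7.3.1') { 'Server Authentication EKU (1.3.6.1.5.5.7.3.1) is not requested' }
}

# Constructed sample: the template's settings with a made-up subject.
$sample = @'
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=www.example.com, O=Example Org, C=US"
KeyLength = 2048 ; RSA modulus size in bits
Exportable = TRUE
MachineKeySet = TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
'@ -split '\r?\n'

Test-RequestInf (Read-RequestInf $sample) 'user' | ForEach-Object { "WARN: $_" }
```

To check a real file, pass `(Get-Content .\request.inf)` to `Read-RequestInf` instead of `$sample`.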
