How to generate Certificate with Custom Options from CA Server

Steven Hoang
Sep 5, 2018 · 3 min read

This article is part of the Service Fabric installation topics. See the related topics Install
a Secured Service Fabric with Certificates
and Install a Secured Service Fabric with gMSA.

The following steps show how to generate a certificate with custom options from a CA server. Here I
generated a certificate with:

  • Common name: sf.hbd.net
  • Friendly name: sf.hbd.net
  • Description: sf.hbd.net
  • Template: Web Server
  • Extensions: Server Authentication, Client Authentication
  • Private Key: Exportable

I. Create Certificate Request

Open the Microsoft Management Console (Start -> Run -> MMC) and then add the Certificates and
Certification Authority snap-ins for the Local Machine.

1. The Microsoft Management Console.
2. Under Certificates\Personal: right-click and select Create Custom Request.

3. On the template screen, select Web Server and set the Request format to PKCS #10.
4. There is a Properties button under the Details section on the next screen.

Click the Properties button and fill in the following information:

1. Subject: provide the CN and DNS.
2. General: provide the friendly name and description.
3. Extensions (*): ensure Server Authentication and Client Authentication are selected.
4. Key Options: make the private key exportable.

Step 3 above is important: it allows users to use this certificate for Client Authentication
when accessing the servers.

Click Next and save the Certificate request to a file.

After this step, the request file is saved to the desktop folder. The next steps show how to generate a new
certificate from that request file.

II. Generate Certificate

  1. Right-click the CA server name under Certification Authority and select Submit new request…
  2. Import the file that was created in the previous steps.
  3. The CA server creates a new certificate and lets you save it back as a file.

After this step, the certificate is saved to the desktop folder. The steps below show how to generate the
PFX file.

III. Export to PFX file.

  1. Go back to Certificates and import the cert file from step II into Personal.
  2. The cert should be displayed with the expected information.
  3. Export the certificate to a PFX file.

Congratulations, you have successfully generated the certificate with custom options and exported it to a PFX
file.
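
The same three parts can be scripted with certreq and Export-PfxCertificate. This is an added example, not part of the original article: the CA config string is a placeholder, the key length and file names are assumptions, and the Description field from the General tab is not set here.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session. The CA config string, key length and file names are assumptions;
# the subject, template and usages are the ones listed in the article.
$caConfig = 'CA-HOST\CA-NAME'          # placeholder: "<CA server>\<CA name>"
$work = Join-Path $env:USERPROFILE 'Desktop'
$inf = Join-Path $work 'sf.inf'; $req = Join-Path $work 'sf.req'
$cer = Join-Path $work 'sf.cer'; $pfx = Join-Path $work 'sf.pfx'

# Part I: request definition (Subject, General, Extensions, Key Options tabs).
@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=sf.hbd.net"
FriendlyName = "sf.hbd.net"
Exportable = TRUE          ; Key Options: private key exportable
MachineKeySet = TRUE       ; key and request live in the Local Machine context
KeyLength = 2048           ; assumption, the article does not state a key size
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1    ; Server Authentication
OID = 1.3.6.1.5.5.7.3.2    ; Client Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=sf.hbd.net&"

[RequestAttributes]
CertificateTemplate = WebServer
'@ | Set-Content -Path $inf -Encoding ASCII

certreq -new $inf $req                        # Part I: create the PKCS #10 request
certreq -submit -config $caConfig $req $cer   # Part II: the CA issues the certificate
certreq -accept -machine $cer                 # Part III, step 1: import into Personal

# Part III, step 2: confirm the issued certificate carries both usages.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -eq 'CN=sf.hbd.net' |
        Sort-Object NotBefore -Descending | Select-Object -First 1
$eku = ($cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
       }).EnhancedKeyUsages.Value
foreach ($oid in '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2') {
    if ($eku -notcontains $oid) { throw "Issued certificate is missing EKU $oid" }
}

# Part III, step 3: export to PFX, protected by a password typed at the prompt.
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $pw | Out-Null
```

The usage check runs against the issued certificate rather than the request, because the CA decides what is actually issued. The resulting PFX contains the private key, so store it and its password accordingly.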

Originally published at Drunk Coding.