How to generate Certificate with Custom Options from CA Server
This article is apart of Service Fabric installation topics. Check out the topic here for Install
a Secured Service Fabric with Certficates and Install a Secured Service Fabric with gMSA.
The following steps will show you how to generate a certificate with a custom option from CA server. Here I
generated a certificate with:
- Common name: sf.hbd.net
- Friendly name: sf.hbd.net
- Description: sf.hbd.net
- Template: Web Server
- Extensions: Server Authentication, Client Authentication
- Private Key: Exportable
I. Create Certificate Request
Open Microsoft Management Console (Start -> Run -> MMC) and then add Certificates and
Certification Authority Snap-in to Local Machine.
1. The Microsoft Management Console 2. Under Certificates\Personal: Right click and select Create Custom Request.
3. On the template screen, select Web Server and Request format is PKCS #10. 4. There is a Properties button under Details section on next screen.
Click Properties button and fulling up a few following information:
1. Subject 2. General
Provides the CN and DNS Provides the friendly name and description
3.Extenrions (*) 4. Key Options
Ensure the above Authentications are selected. Make private key exportable
The step 3 above is an important step which a allow users using this certification as Client authentication
to access to the servers.
Click Next and save the Certificate request to a file.
After this step, The request file is saved to the desktop folder. The next steps will show how to generate a new
certificate from that requested file.
II. Generate Certificate
- Right click on CA server name under Certification Authority and select Submit new request…
2. Import the file have been created on previous steps. 3. CA server will create a new cert and allows to save it back as a file.
After this step, The certificate is saved to the desktop folder. Bellow steps are showing how to generate the
PFX file.
III. Export to PFX file.
- Go back to Certificates and import the Cert file from step II into Personal.
- The cert should be displayed as above with expected information.
- Exporting the certificate to a PFX file.
Congratulations, You are successfully generated the certificates with custom options and exported to the PFX
files.
Originally published at Drunk Coding.