How to generate Certificate with Custom Options from CA Server

This article is apart of Service Fabric installation topics. Check out the topic here for Install
a Secured Service Fabric with Certficates
and Install a Secured Service Fabric with gMSA.

The following steps will show you how to generate a certificate with a custom option from CA server. Here I
generated a certificate with:

  • Common name: sf.hbd.net
  • Friendly name: sf.hbd.net
  • Description: sf.hbd.net
  • Template: Web Server
  • Extensions: Server Authentication, Client Authentication
  • Private Key: Exportable

Open Microsoft Management Console (Start -> Run -> MMC) and then add Certificates and
Certification Authority Snap-in to Local Machine.

1. The Microsoft Management Console 2. Under Certificates\Personal: Right click and select Create Custom Request.

MMC-LocalMachine
MMC-LocalMachine
Custom-Request
Custom-Request

3. On the template screen, select Web Server and Request format is PKCS #10. 4. There is a Properties button under Details section on next screen.

Custom-Request-Template
Custom-Request-Template
Custom-Request-WebServer
Custom-Request-WebServer

Click Properties button and fulling up a few following information:

1. Subject 2. General

Subject
Subject
General
General

Provides the CN and DNS Provides the friendly name and description

3.Extenrions (*) 4. Key Options

Extentions
Extentions
Key Options
Key Options

Ensure the above Authentications are selected. Make private key exportable

The step 3 above is an important step which a allow users using this certification as Client authentication
to access to the servers.

Click Next and save the Certificate request to a file.

Save-to-File
Save-to-File

After this step, The request file is saved to the desktop folder. The next steps will show how to generate a new
certificate from that requested file.

  1. Right click on CA server name under Certification Authority and select Submit new request…
Import-CCR
Import-CCR

2. Import the file have been created on previous steps. 3. CA server will create a new cert and allows to save it back as a file.

Import-File
Import-File
Save-Cert
Save-Cert

After this step, The certificate is saved to the desktop folder. Bellow steps are showing how to generate the
PFX file.

  1. Go back to Certificates and import the Cert file from step II into Personal.
Import-Cert
Import-Cert
  1. The cert should be displayed as above with expected information.
Cert-Info
Cert-Info
  1. Exporting the certificate to a PFX file.
Export-Cert
Export-Cert

Congratulations, You are successfully generated the certificates with custom options and exported to the PFX
files.

Originally published at Drunk Coding.

Lernt what, share that

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store