How to use certreq to create a cert request

Last updated: September 24, 2024 at 10:07

CERTWINDOWS

Sample inf file

[Version] 
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=devname.fi.tcsecp.com"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xf0
RequestType = PKCS10

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=devname.fi.tcsecp.com"

[RequestAttributes]
CertificateTemplate = WebServer

Commands to submit request


certreq -new request.inf certnew.req

**certreq -submit -config "_<ServerName\CAName>_" "_<CertificateRequest.req>_" "_<CertificateResponse.cer>_"**

certreq.exe -accept $CertPath

Commands to export private key


## Export private key
## Provide password for secure cert below before running
$SecurePass = 'TCSlogon98765' | ConvertTo-SecureString -AsPlainText -Force
$CertToExport = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object { $_.Subject -like "*$Device*" }
Export-PfxCertificate -Password $SecurePass -FilePath $CertPrivateKeyPath -Cert $CertToExport

references:

How to Request a Certificate With a Custom SAN | Microsoft Learn Add SAN to secure Lightweight Directory Access Protocol (LDAP) certificate - Windows Server | Microsoft Learn

← Back to Til