3 Replies Latest reply on Jan 28, 2008 8:52 AM by rogerb

    Generating a Remote Configuration Cert from MS CA

    rogerb

       

      I'm trying to get my own remote config cert installed on my SCS, but I can't quite seem to get the correct cert out of the MS Certificate Authority. The CA wants to make the Subject name equal to my user name, but I need the SN to equal the machine name. Does anyone have any ideas about how to get this to work correctly?

       

       

      I'm using the CA as an enterprise CA running on my AD server. I've gotten the cert template to have the correct OID, but I can't get it to make the SN equal to the computer name.

       

       

      Thanks,

       

       

      Roger

       

       

        • 1. Re: Generating a Remote Configuration Cert from MS CA
          bcockrel

           

          Roger,

           

           

          I use the following process to create certs on my SCS system:

           

           

          Log on to the machine that SCS is installed on .  Open a web browser on that system and enter the url of the machine issuing certs for your domain followed by certsrv.  It will look something like this:  http://192.168.1.1/certsrv

           

           

          Login as the domain admin.

           

           

          Click on Request a certificate.

           

           

          Click on "Advanced certificate request".

           

           

          Click on "Create and submit a request to this CA."

           

           

          In the certificate template field, select the template that you built.

           

           

          You will then be able to specify the subject name equal to the machine name.

           

           

          • 2. Re: Generating a Remote Configuration Cert from MS CA
            TerryCutler

            Once the template is in place - when you request the certificate, the "first name" is the FQDN of the target system used for remote configuration.

             

            I'm planning to put together a short video to show how this is done... hopefully have it posted before end of the month...

            • 3. Re: Generating a Remote Configuration Cert from MS CA
              rogerb

               

              Thank you for the help. From your replies, I was able to figure out my problem. When I built the template for the cert I forgot to select the "Supply in the Request" radio button. When AD fills in the data, it want to use the user name rather than the machine name. When I changed the template to function this whay, then it worked exactly as I needed it to. It would be helpful if this was noted in the section on generating a remote config cert.

               

               

              Thanks,

               

               

              Roger