Creating CSRs For SCOM Certificates Using a Template

We recently moved to a new Windows 2012 R2 Certificate Authority (SHA2, 2048... check us out 😉), which meant that I had to issue new certs to our SCOM servers. The process is pretty well documented, but as with any document it's normally based on a best-practice "standard" environment.

We are using hardware HSMs and some custom automation for the request process. So we came up with the below to create the CSR.

  1. Create a text file containing the below; this will be your template file. Change KeyLength if you are not using 2048.

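        [Version]
        Signature="$Windows NT$"

        [NewRequest]
        ; Use plain ASCII double quotes; typographic quotes break parsing.
        Subject="CN=Server.Test.Lab,OU=IT,O=TestLab,L=Banbury,S=Northamptonshire,C=UK"
        ; KeySpec 1 = AT_KEYEXCHANGE
        KeySpec = 1
        KeyLength = 2048
        ; TRUE allows the private key to be exported together with the certificate.
        Exportable = TRUE
        ; Create the key in the machine store rather than the user profile.
        MachineKeySet = TRUE
        ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
        ProviderType = 12
        RequestType = PKCS10
        ; 0xf0 = digital signature, non-repudiation, key encipherment, data encipherment
        KeyUsage=0xf0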

  2. Copy the template file to your server and run this command from an elevated command prompt:

        Certreq -new -f <template File> <output File>
    
  3. Submit your CSR (output file) to your CA and it will give you the cert you need.
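
Steps 1 and 2 can be wrapped in a script so the template is generated per server, written without typographic quotes, and the resulting CSR is decoded for review before it goes to the CA. This is an added example, not code from the original post; the function name `New-ScomCsr`, its parameters and the output path are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). New-ScomCsr and its parameters are hypothetical names.
function New-ScomCsr {
    param(
        [Parameter(Mandatory)] [string] $Subject,     # full DN, as in the template's Subject line
        [Parameter(Mandatory)] [string] $OutputFile,  # CSR file to submit to the CA
        [ValidateRange(2048, 16384)] [int] $KeyLength = 2048
    )
    # A straight or typographic quote inside the DN would corrupt the quoted INF value.
    if ($Subject -match '["\u201C\u201D]') {
        throw 'Subject must not contain quote characters.'
    }
    $inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject="$Subject"
KeySpec = 1
KeyLength = $KeyLength
Exportable = TRUE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage=0xf0
"@
    $infPath = Join-Path $env:TEMP ("scom-csr-{0}.inf" -f [guid]::NewGuid())
    try {
        # ASCII output keeps a BOM and any non-ASCII punctuation out of the template.
        Set-Content -Path $infPath -Value $inf -Encoding Ascii
        & certreq.exe -new -f $infPath $OutputFile
        if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }
        # Decode the request so the subject and key size can be checked before submission.
        & certutil.exe -dump $OutputFile
        if ($LASTEXITCODE -ne 0) { throw "certutil could not parse $OutputFile" }
    }
    finally { Remove-Item -Path $infPath -ErrorAction SilentlyContinue }
}

# Constructed sample values: the subject from step 1 and a hypothetical output path.
New-ScomCsr -Subject 'CN=Server.Test.Lab,OU=IT,O=TestLab,L=Banbury,S=Northamptonshire,C=UK' -OutputFile 'C:\Temp\Server.Test.Lab.req'
```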