We recently moved to a new Window 2012 R2 Certificate Authority (Sha2, 2048..check us out 😉 ), which meant that I had to issue new certs to our SCOM Servers.The Process is pretty well documented, but as with any document it’s normally based on a best practise “Standard” environment.
We are using hardware HSMs and some custom automation for the request process.So we came up with the below to create the CSR.
Create a text file containing the below, this will be your template file. Change Key Length if you are not using 2048
[NewRequest] Subject=“CN=Server.Test.Lab,OU=IT,O=TestLab,L=Banbury,S=Northamptonshire,C=UK” KeySpec = 1 KeyLength = 2048 Exportable = TRUE MachineKeySet = TRUE ProviderName = “Microsoft RSA SChannel Cryptographic Provider” ProviderType = 12 RequestType = PKCS10 KeyUsage=0xf0
Copy the template file to your server and run this command from an elevated command prompt
Certreq -new -f <template File> <output File>
Submit your CSR (output File) to your CA and it will give you the cert you need