Compare Page Revisions
« Older Revision - Back to Page History - Newer Revision »
MainDomainDotCom.inf
[Version] Signature="$Windows NT$" [NewRequest] Subject = "CN=maindomain.com,OU=My Organizational Unit,O=My Organization Inc.,STREET=100 Main Street,L=City,S=State,PostalCode=12345-6789,C=US" ; Remove to use an empty Subject name. ;Because SSL/TLS does not require a Subject name when a SAN extension is included, the certificate Subject name can be empty. ;If you are using another protocol, verify the certificate requirements. EncipherOnly = FALSE ; Only for Windows Server 2003 and Windows XP. Remove for all other client operating system versions. Exportable = FALSE ; TRUE = Private key is exportable KeyLength = 2048 ; Valid key sizes: 1024, 2048, 4096, 8192, 16384 KeySpec = 1 ; Key Exchange – Required for encryption KeyUsage = 0xA0 ; Digital Signature, Key Encipherment MachineKeySet = True ProviderName = "Microsoft RSA SChannel Cryptographic Provider" RequestType = PKCS10 ; or CMC. [EnhancedKeyUsageExtension] ; If you are using an enterprise CA the EnhancedKeyUsageExtension section can be omitted OID=1.3.6.1.5.5.7.3.1 ; Server Authentication OID=1.3.6.1.5.5.7.3.2 ; Client Authentication [Extensions] ; If your client operating system is Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7 ; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension. 2.5.29.17 = "{text}" _continue_ = "dns=www.maindomain.com&" _continue_ = "dns=www.domain2.com&" _continue_ = "dns=maindomain.com&" _continue_ = "dns=domain2.com&"
Extensions
_continue_
"www"
MainDomainDotCom.csr
certreq -new MainDomainDotCom.inf MainDomainDotCom.csr
certutil -dump MainDomainDotCom.csr
ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.