Request a certificate from the built-in CA?

Drashna Jaelre

Pretty simple question.... Right....? :)


I know it's possible, and I know how to "request" a cert from the CA console. But I have not found how to create the request file, so one can get a certificate signed by the domain's CA.



As for why I want to do this? Mainly so I can have a signed certificate for my router's webUI. As well as for some of the filtering features of the router. (Sophos). 

Since all of my computers are connected to the domain, it would eliminate the need for me to import self-signed certs (or the CA at least) and allow me to use the CA I "own".

Are you trying to generate a cert for the router so that other devices will trust it? If so then as far as I know you would need to generate the CSR on the router, submit it to the CA and then import the cert when it is generated. That way the router would have a cert signed by the CA which hence would automatically be trusted by all domain members. I believe the original requesting device (in this case the router) has to have some means of creating the key pairs and unless there is an obvious way of doing this (you can do it on certain Cisco routers if they have the proper version of the OS running) I think you may be out of luck.


Unless of course I've managed to completely misunderstand what you are trying to do, in which case ignore all the above.



Yeah, that's pretty much exactly it. 


Specifically, this is for Sophos, and for its web interface (and its email filter/proxy). However, there doesn't seem to be a way to generate a CSR on the router. They basically assume that you're going to import the automatically generated cert into your computers network (manually or via GPO).


The thing is that you can absolutely upload and assign certs to use, and even "regenerate" them as needed. But they really want us using their stuff, instead of allowing you to specify a CA, or manually import a CA cert.

Yeah, this is frustrating. I know you can manually request a signed cert from the CA Role in the server. And I know that the Connector Software actually does this automatically.


So short of setting up a temp computer to connect and export and hope the "Windows Server Solutions Client Connector Software" Template works.....


But anyone know how to create the certification request file? That's the piece that I seem to be missing.
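Added example, not part of the original thread: one way to create the request file on a domain-joined Windows machine with `certreq`, for the case discussed above where the router cannot generate its own CSR. The host name, IP address, `WebServer` template name, working folder and the assumption that the router accepts a PFX upload are all placeholders, not details from the posts.

```powershell
# Run from an elevated PowerShell prompt on a domain-joined machine.
# Assumed values (placeholders, not from the thread):
$hostName = 'router.example.local'   # FQDN used to reach the router web UI
$ipAddr   = '192.0.2.1'              # management IP, if the UI is opened by IP
$template = 'WebServer'              # assumed template published on the CA
$work     = Join-Path $env:TEMP 'router-csr'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Request policy for certreq: RSA 2048 key, server-auth EKU, SAN with DNS + IP.
# Exportable = TRUE because the key pair is created here, not on the router.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$hostName"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xa0
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
HashAlgorithm = sha256

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$hostName&"
_continue_ = "ipaddress=$ipAddr&"
"@ | Set-Content -Path "$work\request.inf" -Encoding ASCII

# 1. Create the key pair and the PKCS#10 request file (the CSR).
certreq.exe -new "$work\request.inf" "$work\request.req"
# 2. Submit the request to the domain CA and save the issued certificate.
certreq.exe -submit -attrib "CertificateTemplate:$template" "$work\request.req" "$work\router.cer"
# 3. Pair the issued certificate with the pending private key in the machine store.
certreq.exe -accept "$work\router.cer"

# 4. Export certificate and private key as a password-protected PFX for upload.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object Subject -eq "CN=$hostName" |
    Sort-Object NotBefore | Select-Object -Last 1
$pfxPass = Read-Host -AsSecureString 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath "$work\router.pfx" -Password $pfxPass | Out-Null
# After importing on the router, delete router.pfx and remove the certificate
# from LocalMachine\My so the private key does not stay on this machine.
```

Because the private key is generated off the device, it exists in two places until the local copy and the PFX are removed; treat the PFX like any other credential while it is in transit.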

