Drashna Jaelre Posted February 22, 2014 Share Posted February 22, 2014 Pretty simple question.... Right....? I know it's possible, and i know how to "request" a cert from the CA console. But I have not found how to create the request file, so one can get a certificate signed by the domain's CA. As for why I want to do this? Mainly so I can have a signed certificate for my router's webUI. As well as for some of the filtering features of the router. (Sophos). Since all of my computers are connected to the domain, it would eliminate the need for me to import self-signed certs (or the CA at least) and allow me to use the CA I "own". Link to comment Share on other sites More sharing options...
jem101 Posted February 22, 2014 Share Posted February 22, 2014 Chris Are you trying to generate a cert for the router so that other devices will trust it? If so then as far as I know you would need to generate the CSR on the router, submit it to the CA and then import the cert when it is generated. That way the router would have a cert signed by the CA which hence would automatically be trusted by all domain members. I believe the original requesting device (in this case the router) has to have some means of creating the key pairs and unless there is an obvious way of doing this (you can do it on certain Cisco routers if they have the proper version of the OS running) I think you may be out of luck. Unless of course I've managed to completely misunderstand what you are trying to do in which case ignore all the the above. John Link to comment Share on other sites More sharing options...
Drashna Jaelre Posted February 22, 2014 Author Share Posted February 22, 2014 Yeah, that's pretty much exactly it. Specifically, this is for Sophos, and for it's web interface (and it's email filter/proxy). However, there doesn't seem to be a way to generate a CSR on the router. They basically assume that you're going to import the automatically generated cert into your computers network (manually or via GPO). The thing is that you can absolutely upload and assign certs to use, and even "regenerate" them as needed. But they really want use using their stuff, instead of allowing you to specify a CA, or manually import a CA cert. Link to comment Share on other sites More sharing options...
Drashna Jaelre Posted February 24, 2014 Author Share Posted February 24, 2014 Yeah, this is frustrating. I know you can manually request a signed cert from the CA Role in the server. And I know that the Connector Software actually does this automatically. So short of setting up a temp computer to connect and export and hope the "Windows Server Solutions Client Connector Software" Template works..... But anyone know now to create the certification request file? That's the piece that i seem to be missing. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now