How to create ssl certificate on CA Windows 2012?

Z

Z-RoVeR2018-08-24 10:00:33

Digital certificates

Z-RoVeR, 2018-08-24 10:00:33

There is a CA on Windows 2012 R2
There is a machine on Ubuntu with a web face like https://compname.mydomain.local
How to issue an SSL certificate so that all machines in the domain trust it and access the web face via https and the error "Your connection is not protected"
I tried this:
New-SelfSignedCertificate -DnsName compname.mydomain.local -CertStoreLocation cert:\LocalMachine\My
And then exported:
Export-Certificate -Cert cert:\LocalMachine\My\D9B86********** ******** -FilePath C:\*.cer

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vadim Choporov, 2018-08-24
@Z-RoVeR

If you don’t know how to contact the CA directly, it’s easier to create a certificate request on bubuntu, in accordance with the required parameters in a suitable template on the CA. Send the generated request file to a non-CA, issue a certificate there (for example, through certreq), and return the finished certificate to bubuntu. Install and enjoy life. Unless, of course, your CA is not for beauty, but its root is published in AD or pushed into the root by policies.

S

Sergey Ryzhkin, 2018-08-24
@Franciz

In order to avoid an error locally, you must at least add your created certificate to the trusted zone through the mmc snap-in - certificates, on each PC from which you want to connect. Or scatter it through GPO on all machines.
PS do format domain - mydomain .local - mauvais ton

C

CityCat4, 2018-08-24
@CityCat4

The CA certificate should already be trusted - it is automatically pushed there by the policy, but of course this needs to be checked.
You can issue a certificate for a web server using the "Web server" template. Here is where to generate a request for transmission to the CA in Windows - I won’t tell you, because I always generate CSR on Linux