CSR Request for SHA-2 Certificate


 

Before you begin

It's important to check your environment's readiness for SHA-2, especially the devices and the operating system.

Please check SHA-2 certificate compatibility for your environment.

Create CSR for SHA-2 Algorithm

From the computer/server to which you want to apply the certificate:

  • Type MMC in Run
  • In the MMC console click File >> Add/Remove Snap-in
  • Choose Certificate >> Add >> Computer >> Local Computer

 

  • Click Next
  • Go to Personal Store >> Certificate >> Right-click >> All Tasks >> Advanced Operations >> Create Custom Request

 

  • Choose Custom Request: Proceed without enrollment policy

 

  • Choose the Certificate Template: (No template) CNG Key
  • Request Format: PKCS#10

The Cryptography Next Generation (CNG) key allows us to change the algorithm to SHA-2.

 

  • Click Next
  • Click on Details >> Properties

Edit and Modify Certificate Properties

General Tab

  • Type the certificate Friendly name and Description

Subject Tab

Subject Name

Add the Following Subject Name Types

  • Common Name (CN)

Main certificate name, for example (mail.msmuscle.net)

  • Country (C)

Country code, e.g. Jordan = JO

  • Locality (L),  Organization (O),  Organization Unit (OU),  State (S)

Alternative Name

To add a Subject Alternative Name (SAN), add the following type:

  • DNS

Subject alternative name for your certificate, e.g. autodiscover.msmuscle.net

Extensions Tab

Key usage

  • Add the key usage for your certificate
  • Check Make these key usage critical

Example: for Exchange Server and Lync Server (Digital signature, Key encipherment)

Extended Key Usage (application Policies)

Defines the purpose of the certificate and how the certificate can be used.

  • For Exchange and Lync Server (Server Authentication, Client Authentication)

Private Key Tab

Key options

Set the key length and make the private key exportable.

  • Change key size to 2048
  • Check Make private key exportable

Select Hash Algorithm

Select the hash algorithm for your request.

  • Change Hash Algorithm to sha256

 

  • Finally, click OK

  • Then click Next

 

  • Save the request file to your local computer. File format: Base 64
  • Click Finish

 

Now the request with the SHA-2 algorithm is ready for your certificate.

To Issue the Certificate from the request file

  • Public certificate: send the request file to your public certificate issuer
  • Local certificate: issue/sign the certificate using your Certificate Authority (CA)

Post tasks:

  • Lync Server: because of CNG key compatibility, you have to modify the certificate for it to apply successfully; modify your certificate

 

To verify whether your request file is SHA-2 or not:

Use this LINK from Symantec.

Open the file using Notepad, copy and paste your request file content, and check.
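
The same request can be built from the command line with certreq and checked offline with certutil. This is an added example, not part of the original post; the file names, the FriendlyName and the OU, O, L and S values are placeholders, and repeating the CN as a SAN entry is an assumption.

```powershell
# Added example: scripted equivalent of the MMC steps (run from an elevated prompt).
# request.inf / request.req and the OU, O, L, S values are placeholders.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=mail.msmuscle.net, OU=IT, O=Example Org, L=Example City, S=Example State, C=JO"
FriendlyName = "mail.msmuscle.net SHA-2"
RequestType = PKCS10
; CNG key storage provider, the counterpart of "(No template) CNG Key"
ProviderName = "Microsoft Software Key Storage Provider"
KeyAlgorithm = RSA
KeyLength = 2048
Exportable = TRUE
; Key is created in the Local Computer store
MachineKeySet = TRUE
HashAlgorithm = sha256
; 0x80 Digital Signature + 0x20 Key Encipherment
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication
OID = 1.3.6.1.5.5.7.3.2 ; Client Authentication

[Extensions]
; Subject Alternative Name (2.5.29.17); CN repeated here as an assumption
2.5.29.17 = "{text}"
_continue_ = "dns=mail.msmuscle.net&"
_continue_ = "dns=autodiscover.msmuscle.net&"
'@
Set-Content -Path .\request.inf -Value $inf -Encoding ASCII

# Generate the key pair and the Base64 PKCS#10 request
certreq.exe -new .\request.inf .\request.req
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Offline check: the request must be signed with sha256WithRSAEncryption
$sha256Rsa = '1.2.840.113549.1.1.11'
$dump = certutil.exe -dump .\request.req
if ($dump | Select-String -SimpleMatch $sha256Rsa) {
    Write-Output "OK: request is signed with SHA-256 (OID $sha256Rsa)"
} else {
    throw "Request is not SHA-256 signed; check HashAlgorithm in request.inf"
}
```

Matching on the OID rather than the display name keeps the check independent of the Windows display language.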
