
Generate SSL certificate request (CSR) using certreq.exe


As a working Lync administrator, you may need to create a certificate signing request (CSR) for Lync Server, whether for external communication, internal communication, web services, etc.
I use Certreq.exe for creating certificate requests; it is a very easy way. I want to share it with you.
Steps:
The following is an example of how to use “CERTREQ.EXE”:
1.    From a command prompt change directory to the location where you saved the “request.inf” file.

2.    Create the certificate request:  Certreq.exe -new request.inf request.csr

E.g. C:\temp\Lyncweb>certreq.exe -new lyncweb.inf lyncweb.csr
 
Note: You must open the command prompt as Administrator to perform this task.
3.    Send the contents of the request.csr file to the third-party CA.

4.    Retrieve the issued certificate and save it as certnew.cer.  Make sure that you save the file in the same directory where you saved the request.inf file.

5.    Accept the issued certificate:  Certreq.exe -accept certnew.cer

6.    Use MMC Certificate manager to export the certificate along with the Private Key. 

Example “REQUEST.INF” file:  Copy the text below into a new file named request.inf and edit the “Subject” and “FriendlyName” values along with the SANs listed under the [Extensions] section.

[Version]
Signature="$Windows NT$"

[NewRequest]
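Subject = "CN=dialin.ceskeho.com,OU=IT,O=Ceskeho,L=Goodyear,S=AZ,C=US"
FriendlyName = "Lync Reverse Proxy Cert"
Exportable = TRUE       ; private key can be exported (needed for step 6)
SMIME = FALSE
KeyLength = 2048
KeySpec = 1             ; AT_KEYEXCHANGE
KeyUsage = 0xa0         ; Digital Signature + Key Encipherment
MachineKeySet = True    ; key is created in the local machine store
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10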

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication 

[RequestAttributes]
CertificateTemplate = WebServer
 

[Extensions]
; If your client operating system is Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension.
2.5.29.17 = "{text}"
_continue_ = "dns=lyncpool.ceskeho.com&"
_continue_ = "dns=lync1.ceskeho.com&"
_continue_ = "dns=lync2.ceskeho.com&"
_continue_ = "dns=meet.ceskeho.com&"
_continue_ = "dns=dialin.ceskeho.com&"
_continue_ = "dns=lyncdiscover.ceskeho.com&"
_continue_ = "dns=lyncdiscoverinternal.ceskeho.com&"
_continue_ = "dns=sip.ceskeho.com&"
_continue_ = "dns=lyncpool-ws-ext.ceskeho.com&"
_continue_ = "dns=lyncpool-ws-int.ceskeho.com&" 
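
The steps above as a PowerShell sketch that also checks the result at each stage. This is an added example, not part of the original post. The function names are hypothetical, the SAN check assumes English certutil output, and Export-PfxCertificate (used here in place of the MMC export) assumes the PKI module of Windows Server 2012 or later.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Run in an elevated PowerShell session from the folder holding request.inf.

function New-VerifiedCsr([string]$Inf = 'request.inf', [string]$Csr = 'request.csr') {
    # SAN names the INF asks for (the dns=... entries under [Extensions]).
    $expected = Select-String -Path $Inf -Pattern 'dns=([^&"]+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.ToLower() }

    # Step 2: generate the key pair and the PKCS#10 request.
    certreq.exe -new $Inf $Csr
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

    # Decode the request and compare its SAN list with the INF before it goes to the CA.
    # Assumption: English certutil output, where each SAN prints as "DNS Name=<host>".
    $inCsr = certutil.exe -dump $Csr | Select-String -Pattern 'DNS Name=(\S+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.ToLower() }
    $missing = @($expected | Where-Object { $inCsr -notcontains $_ })
    if ($missing.Count -gt 0) { throw "SANs missing from ${Csr}: $($missing -join ', ')" }
    "CSR $Csr carries all $(@($expected).Count) SAN entries from $Inf"
}

function Complete-CertRequest([string]$Cer = 'certnew.cer', [string]$Pfx = 'lyncweb.pfx') {
    # Step 5: bind the issued certificate to the pending private key.
    certreq.exe -accept $Cer
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }

    # Find the installed certificate by thumbprint (MachineKeySet = True puts it in
    # LocalMachine\My) and confirm the private key is attached before exporting.
    $path  = (Resolve-Path $Cer).Path
    $thumb = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path).Thumbprint
    $cert  = Get-Item "Cert:\LocalMachine\My\$thumb"
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key on this machine" }

    # Step 6 without the MMC: export certificate and key to a password-protected PFX.
    $pw = Read-Host 'PFX password' -AsSecureString
    Export-PfxCertificate -Cert $cert -FilePath $Pfx -Password $pw
}

# Usage, matching the file names in the post:
#   New-VerifiedCsr -Inf lyncweb.inf -Csr lyncweb.csr    # then send lyncweb.csr to the CA
#   Complete-CertRequest -Cer certnew.cer                # after the CA returns certnew.cer
```
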

Thank you
