10 Jun 2010

Replace SSL Certificates: Step 3: Submit the new Certificate Request to a Certificate Authority

This article forms part of the Replacing vSphere SSL Certificates series.

Before continuing with the steps in this article, be sure that you have completed Step 2: Generate a new SSL Certificate Request

Now that we have used OpenSSL to generate a new SSL certificate request, we need to submit the request to a Certificate Authority in order to sign a new SSL Certificate based on the request. OpenSSL has now generated the request and saved the request in rui.csr. We now need to open the rui.csr file using Wordpad. Once the file has been opened in Wordpad, we will copy the entire contents of the file to the clipboard.

After opening Windows Wordpad, open the rui.csr file that was generated by OpenSSL.


 When the "rui.csr" file is opened in WordPad, a block of text that begins with "-----BEGIN CERTIFICATE REQUEST-----" and ends with "-----END CERTIFICATE REQUEST-----" is displayed. From the File Menu, click "Edit -> Select All" to select the entire content of the "rui.csr" file.


 Copy the contents of the rui.csr file to the clipboard by clicking on Edit -> Copy (or simply press CTRL+C).


In the examples referenced in this article, Microsoft Certificate Services is installed on the same Windows Server as OpenSSL. Our server is called LABSSL01.uk.labs.virtualvcp.com. However it is not a requirement that Microsoft Certificate Services and OpenSSL is installed on the same server.

Open a new browser window and navigate to the Microsoft Certificate Services URL. As Microsoft Certificate Services is installed on the same host as where the browser is running, the URL referenced is http://localhost/certsrv. However, if the Microsoft Certificate Services server is not on the same host, the URL should contain: http://<ca-hostname-or-ip-address>/certsrv


 The Microsoft Certificate Services Welcome page is displayed. Under Select a task click on "Request a certificate".


  At the next page, click “advanced certificate request


Click "Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file."


 At the next page, right click in the Saved Request field and click “Paste”. This will paste the Certificate Request text that was copied to the clipboard, into the Saved Request field


 To submit the new SSL Certificate Request to the Certificate Authority, click the "Submit" button.


 The next page will confirm that the certificate request has been received.


Now that the new certificate request has been submitted to the CA, we need to sign the certificate.

To issue and sign the new certificate request, open the Microsoft Certification Authority Management Console: Start -> Run -> certsrv.msc -> OK


 The Certification Management Console opens. From the left pane, click “Pending Requests”. The new certificate request is displayed in the right pane


 To issue the new SSL certificate, right click on the pending certificate request, select “All Tasks” and click on “Issue”.


 Open a new browser window and again navigate to the Microsoft Certificate Services URL. At the Welcome page, click “View the status of a pending certificate request


 Select the Saved Request Certificate from the list


 At the Certificate Issues page, select “Base 64 Encoded” then click “Download certificate


 The File Download Dialog opens. Click “Save”


 Using the Save As dialog, navigate to the “C:\OpenSSL-Win32\bin” folder. Under the “Save as type” drop down menu, select “All files”. At the “File name” field, enter “rui.crt”. Click Save


 Now that we have a new SSL Certificate, continue to Step 4: Create a new PFX-Formatted Certificate

Written by  0 comment
Last modified on Tuesday, 09 December 2014 15:07
Rate this item
(0 votes)

Comments (0)

There are no comments posted here yet

Leave your comments

Posting comment as a guest. Sign up or login to your account.
0 Characters
Attachments (0 / 3)
Share Your Location

When you start writing GraphQL queries with filters off the top of your head without even looking at the reference… https://t.co/AbqVRGr4S3
Follow Rynardt Spies on Twitter