10 Jun 2010

Replace SSL Certificates: Step 3: Submit the new Certificate Request to a Certificate Authority

This article forms part of the Replacing vSphere SSL Certificates series.

Before continuing with the steps in this article, be sure that you have completed Step 2: Generate a new SSL Certificate Request

Now that OpenSSL has generated a new SSL certificate request and saved it in rui.csr, we need to submit the request to a Certificate Authority so that a new SSL certificate can be signed based on it. To do this, we open the rui.csr file in WordPad and copy the entire contents of the file to the clipboard.

After opening Windows Wordpad, open the rui.csr file that was generated by OpenSSL.

When the "rui.csr" file is opened in WordPad, a block of text that begins with "-----BEGIN CERTIFICATE REQUEST-----" and ends with "-----END CERTIFICATE REQUEST-----" is displayed. From the menu bar, click "Edit -> Select All" to select the entire content of the "rui.csr" file.

 Copy the contents of the rui.csr file to the clipboard by clicking on Edit -> Copy (or simply press CTRL+C).

In the examples referenced in this article, Microsoft Certificate Services is installed on the same Windows Server as OpenSSL. Our server is called LABSSL01.uk.labs.virtualvcp.com. However, it is not a requirement that Microsoft Certificate Services and OpenSSL are installed on the same server.

Open a new browser window and navigate to the Microsoft Certificate Services URL. Because Microsoft Certificate Services is installed on the same host that the browser is running on, the URL referenced is http://localhost/certsrv. However, if the Microsoft Certificate Services server is not on the same host, the URL should be: http://<ca-hostname-or-ip-address>/certsrv

 The Microsoft Certificate Services Welcome page is displayed. Under Select a task click on "Request a certificate".

At the next page, click “advanced certificate request”.

Click "Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file."

At the next page, right-click in the Saved Request field and click “Paste”. This pastes the Certificate Request text that was copied to the clipboard into the Saved Request field.

 To submit the new SSL Certificate Request to the Certificate Authority, click the "Submit" button.

 The next page will confirm that the certificate request has been received.

Now that the new certificate request has been submitted to the CA, we need to sign the certificate.

To issue and sign the new certificate request, open the Microsoft Certification Authority Management Console: Start -> Run -> certsrv.msc -> OK

The Certification Management Console opens. From the left pane, click “Pending Requests”. The new certificate request is displayed in the right pane.

 To issue the new SSL certificate, right click on the pending certificate request, select “All Tasks” and click on “Issue”.

Open a new browser window and again navigate to the Microsoft Certificate Services URL. At the Welcome page, click “View the status of a pending certificate request”.

Select the Saved Request Certificate from the list.

At the Certificate Issued page, select “Base 64 Encoded”, then click “Download certificate”.

The File Download dialog opens. Click “Save”.

Using the Save As dialog, navigate to the “C:\OpenSSL-Win32\bin” folder. Under the “Save as type” drop-down menu, select “All files”. In the “File name” field, enter “rui.crt”. Click Save.
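Before moving on, it is worth confirming that the saved rui.crt is Base 64 (PEM) encoded and carries the same public key as the rui.csr that was submitted, since selecting the wrong entry from the request list yields a certificate that does not belong to your private key. The following Python sketch is an added example, not part of the original article: it uses only the standard library, all function names are hypothetical, and the sample data is constructed placeholder DER rather than a real key.

```python
import base64
import re

def pem_to_der(text, label):
    """Decode the first PEM block with this label; reject DER files and partial pastes."""
    m = re.search(rf"-----BEGIN {label}-----(.+?)-----END {label}-----", text, re.S)
    if not m:
        raise ValueError(f"no complete '{label}' PEM block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def tlvs(buf):
    """Split DER bytes into (tag, value, raw) triples, one per element."""
    out, pos = [], 0
    while pos < len(buf):
        start, tag, ln = pos, buf[pos], buf[pos + 1]
        pos += 2
        if ln & 0x80:  # long-form length: low 7 bits give the number of length bytes
            n = ln & 0x7F
            ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + ln > len(buf):
            raise ValueError("DER element runs past end of data (truncated?)")
        out.append((tag, buf[pos:pos + ln], buf[start:pos + ln]))
        pos += ln
    return out

def csr_spki(der_bytes):
    info = tlvs(tlvs(der_bytes)[0][1])[0][1]  # CertificationRequestInfo
    return tlvs(info)[2][2]  # fields: version, subject, subjectPKInfo

def cert_spki(der_bytes):
    tbs = tlvs(tlvs(tlvs(der_bytes)[0][1])[0][1])  # TBSCertificate fields
    skip = 1 if tbs[0][0] == 0xA0 else 0  # optional explicit [0] version
    return tbs[skip + 5][2]  # serial, sigAlg, issuer, validity, subject, SPKI

def cert_matches_csr(csr_pem, crt_pem):
    """True when the issued certificate carries the public key from the request."""
    return (csr_spki(pem_to_der(csr_pem, "CERTIFICATE REQUEST"))
            == cert_spki(pem_to_der(crt_pem, "CERTIFICATE")))

# Constructed sample data below: well-formed DER nesting, placeholder contents, no real key.
def der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body
def sample_pair(key):
    spki, tail = der(0x30, der(0x30), der(0x03, b"\x00" + key)), der(0x30) + der(0x03, b"\x00")
    info = der(0x30, der(0x02, b"\x00"), der(0x30), spki, der(0xA0))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), *[der(0x30)] * 4, spki)
    pem = lambda l, d: f"-----BEGIN {l}-----\n{base64.b64encode(d).decode()}\n-----END {l}-----\n"
    return pem("CERTIFICATE REQUEST", der(0x30, info, tail)), pem("CERTIFICATE", der(0x30, tbs, tail))
```

To use it on the server, read the text of rui.csr and rui.crt from the C:\OpenSSL-Win32\bin folder and pass both to cert_matches_csr; a ValueError indicates a file that is not a complete Base 64 block, and False indicates a certificate issued for a different request.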

 Now that we have a new SSL Certificate, continue to Step 4: Create a new PFX-Formatted Certificate

Last modified on Tuesday, 09 December 2014 15:07