No announcement yet.

Third party certificate on DC

  • Filter
  • Time
  • Show
Clear All
new posts

  • Third party certificate on DC

    It goes like this: I need to enable SSL/TLS encryption on DCs. We do not have and do not intend to install MS CA in the forest. There exist a corporate CA which can sign the CSR, but:

    1) no IIS on the DC => can not generate the CSR using it's wizard

    2) "Certificates" snap-in fails to generate CSR because the corporate CA is offline and signs only through special web interface (no, it's not MS CA )

    3) I can generate CSR using script similar to this one:
    (after adding the "Subject" attribute and changing the CertType to "Computer", but the CA barfs and refuses to sign the cert. Apparently I am doing something wron in the script.

    The question is whether there exists a tool to create a valid CSR.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"