[Version] Signature="$Windows NT$" [NEWREQUEST] Subject="CN=service.test.no" MachineKeySet = True KeyUsage = 0xA0 KeySpec = 1 KeyLength = 2048 Exportable = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" RequestType = PKCS10 https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certreq_1 [Extensions] 2.5.29.17 = "{text}" _continue_ = "dns=test.no&" _continue_ = "dns=*.test.no&" _continue_ = "ipaddress=10.10.10.1" KeySpec = AT_NONE -- 0, AT_SIGNATURE -- 2,AT_KEYEXCHANGE -- 1 RequestType = PKCS10 -- 1 PKCS7 -- 2 CMC -- 3 Cert -- 4 SCEP -- fd00 (64768) KeyUsage CERT_DIGITAL_SIGNATURE_KEY_USAGE -- 80 (128) CERT_NON_REPUDIATION_KEY_USAGE -- 40 (64) CERT_KEY_ENCIPHERMENT_KEY_USAGE -- 20 (32) CERT_DATA_ENCIPHERMENT_KEY_USAGE -- 10 (16) CERT_KEY_AGREEMENT_KEY_USAGE -- 8 CERT_KEY_CERT_SIGN_KEY_USAGE -- 4 CERT_OFFLINE_CRL_SIGN_KEY_USAGE -- 2 CERT_CRL_SIGN_KEY_USAGE -- 2 CERT_ENCIPHER_ONLY_KEY_USAGE -- 1 CERT_DECIPHER_ONLY_KEY_USAGE -- 8000 (32768) KeyUsageProperty NCRYPT_ALLOW_DECRYPT_FLAG -- 1 NCRYPT_ALLOW_SIGNING_FLAG -- 2 NCRYPT_ALLOW_KEY_AGREEMENT_FLAG -- 4 NCRYPT_ALLOW_ALL_USAGES -- ffffff (16777215) [RequestAttributes] CertificateTemplate= WebServer
[Extensions] 2.5.29.17 extentions: (SAN) dns=www.test.no dn DirectoryName=CN=Test,DC=domain,DC=COM url=http://www.test.no/index.html ipaddress=10.10.10.1 upn=user@domain.no email=user@domain.no guid <code> [Extensions] 2.5.29.19 (id-ce-basicConstraints) 2.5.29.19 "{text}ca=0pathlength=3" Critical = 2.5.29.19
[Extensions] 2.5.29.37 extentions: (Key Usage) 1.3.6.1.5.5.7 ( id-pkix) 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth) 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth) 1.3.6.1.5.5.7.3.3 (id-kp-codeSigning) 1.3.6.1.5.5.7.3.4 (id-kp-emailProtection) 1.3.6.1.5.5.7.3.5 (id-kp-ipsecEndSystem) 1.3.6.1.5.5.7.3.6 (id-kp-ipsecTunnel) 1.3.6.1.5.5.7.3.7 (id-kp-ipsecUser) 1.3.6.1.5.5.7.3.8 (id-kp-timeStamping) 1.3.6.1.5.5.7.3.9 (id-kp-OCSPSigning) 1.3.6.1.5.5.7.3.10 (id-kp-dvcs) 1.3.6.1.5.5.7.3.11 (id-kp-sbgpCertAAServerAuth) 1.3.6.1.5.5.7.3.12 (id-kp-scvp-responder) 1.3.6.1.5.5.7.3.13 (id-kp-eapOverPPP) 1.3.6.1.5.5.7.3.14 (id-kp-eapOverLAN) 1.3.6.1.5.5.7.3.15 (id-kp-scvpServer) 1.3.6.1.5.5.7.3.16 (id-kp-scvpClient) 1.3.6.1.5.5.7.3.17 (id-kp-ipsecIKE) 1.3.6.1.5.5.7.3.18 (id-kp-capwapAC) 1.3.6.1.5.5.7.3.19 (id-kp-capwapWTP) 1.3.6.1.5.5.7.3.20 (id-kp-sipDomain) 1.3.6.1.5.5.7.3.21 (id-kp-secureShellClient) 1.3.6.1.5.5.7.3.22 (id-kp-secureShellServer) 1.3.6.1.5.5.7.3.23 (id-kp-sendRouter) 1.3.6.1.5.5.7.3.24 (id-kp-sendProxiedRouter) 1.3.6.1.5.5.7.3.25 (id-kp-sendOwner) 1.3.6.1.5.5.7.3.26 (id-kp-sendProxiedOwner) 1.3.6.1.5.5.7.3.27 (id-kp-cmcCA) 1.3.6.1.5.5.7.3.28 (id-kp-cmcRA) 1.3.6.1.5.5.7.3.29 (id-kp-cmcArchive) 1.3.6.1.5.5.7.3.30 (id-kp-bgpsec-router)
Commands to run:
certreq -new cert.inf cert.req certutil cert.req certreq -submit cert.req certreq -accept certreq.exe -attrib "CertificateTemplate:WebServer" -submit D:\requestfile.txt