Geir's Wiki of things to remember

User Tools

Site Tools

Sidebar

vRealize

PowerShell

NPS

Software

Win32 API

nps:pki:request

Inf File Example for request

[Version] 

Signature="$Windows NT$"


[NEWREQUEST]
Subject="CN=service.test.no"
MachineKeySet = True
KeyUsage = 0xA0 
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certreq_1

[Extensions]

2.5.29.17 = "{text}"

_continue_ = "dns=test.no&"

_continue_ = "dns=*.test.no&"
_continue_ = "ipaddress=10.10.10.1"

KeySpec = AT_NONE -- 0, AT_SIGNATURE -- 2,AT_KEYEXCHANGE -- 1
RequestType = 
PKCS10 -- 1
PKCS7 -- 2
CMC -- 3
Cert -- 4
SCEP -- fd00 (64768)
 
KeyUsage
CERT_DIGITAL_SIGNATURE_KEY_USAGE -- 80 (128)
CERT_NON_REPUDIATION_KEY_USAGE -- 40 (64)
CERT_KEY_ENCIPHERMENT_KEY_USAGE -- 20 (32)
CERT_DATA_ENCIPHERMENT_KEY_USAGE -- 10 (16)
CERT_KEY_AGREEMENT_KEY_USAGE -- 8
CERT_KEY_CERT_SIGN_KEY_USAGE -- 4
CERT_OFFLINE_CRL_SIGN_KEY_USAGE -- 2
CERT_CRL_SIGN_KEY_USAGE -- 2
CERT_ENCIPHER_ONLY_KEY_USAGE -- 1
CERT_DECIPHER_ONLY_KEY_USAGE -- 8000 (32768)

KeyUsageProperty
NCRYPT_ALLOW_DECRYPT_FLAG -- 1
NCRYPT_ALLOW_SIGNING_FLAG -- 2
NCRYPT_ALLOW_KEY_AGREEMENT_FLAG -- 4
NCRYPT_ALLOW_ALL_USAGES -- ffffff (16777215)

[RequestAttributes]
CertificateTemplate= WebServer

[Extensions]
2.5.29.17 extentions: (SAN)
dns=www.test.no
dn
DirectoryName=CN=Test,DC=domain,DC=COM
url=http://www.test.no/index.html
ipaddress=10.10.10.1
upn=user@domain.no
email=user@domain.no
guid

<code>
[Extensions]
2.5.29.19 (id-ce-basicConstraints)

2.5.29.19 "{text}ca=0pathlength=3"
Critical = 2.5.29.19


[Extensions]

2.5.29.37 extentions: (Key Usage)
1.3.6.1.5.5.7 ( id-pkix)
1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
1.3.6.1.5.5.7.3.3 (id-kp-codeSigning)
1.3.6.1.5.5.7.3.4 (id-kp-emailProtection)
1.3.6.1.5.5.7.3.5 (id-kp-ipsecEndSystem)
1.3.6.1.5.5.7.3.6 (id-kp-ipsecTunnel)
1.3.6.1.5.5.7.3.7 (id-kp-ipsecUser)
1.3.6.1.5.5.7.3.8 (id-kp-timeStamping)
1.3.6.1.5.5.7.3.9 (id-kp-OCSPSigning)
1.3.6.1.5.5.7.3.10 (id-kp-dvcs)
1.3.6.1.5.5.7.3.11 (id-kp-sbgpCertAAServerAuth)
1.3.6.1.5.5.7.3.12 (id-kp-scvp-responder)
1.3.6.1.5.5.7.3.13 (id-kp-eapOverPPP)
1.3.6.1.5.5.7.3.14 (id-kp-eapOverLAN)
1.3.6.1.5.5.7.3.15 (id-kp-scvpServer)
1.3.6.1.5.5.7.3.16 (id-kp-scvpClient)
1.3.6.1.5.5.7.3.17 (id-kp-ipsecIKE)
1.3.6.1.5.5.7.3.18 (id-kp-capwapAC)
1.3.6.1.5.5.7.3.19 (id-kp-capwapWTP)
1.3.6.1.5.5.7.3.20 (id-kp-sipDomain)
1.3.6.1.5.5.7.3.21 (id-kp-secureShellClient)
1.3.6.1.5.5.7.3.22 (id-kp-secureShellServer)
1.3.6.1.5.5.7.3.23 (id-kp-sendRouter)
1.3.6.1.5.5.7.3.24 (id-kp-sendProxiedRouter)
1.3.6.1.5.5.7.3.25 (id-kp-sendOwner)
1.3.6.1.5.5.7.3.26 (id-kp-sendProxiedOwner)
1.3.6.1.5.5.7.3.27 (id-kp-cmcCA)
1.3.6.1.5.5.7.3.28 (id-kp-cmcRA)
1.3.6.1.5.5.7.3.29 (id-kp-cmcArchive)
1.3.6.1.5.5.7.3.30 (id-kp-bgpsec-router)

Commands to run: 

certreq -new cert.inf cert.req
certutil cert.req
certreq -submit cert.req
certreq -accept

certreq.exe -attrib "CertificateTemplate:WebServer" -submit D:\requestfile.txt
nps/pki/request.txt ยท Last modified: 2019/04/25 16:02 by admin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki