Friday, 3 June 2016

Microsoft Active Directory - SSL Certificate Request - And what I forgot

I was trying to generate an SSL certificate, signed by Active Directory (on Windows Server 2008 R2 SP1), using the certreq command: -

certreq -submit -attrib "CertificateTemplate:Webserver" bpm856.uk.ibm.com_ihs.req bpm856.uk.ibm.com_ihs.cer

which kept popping up with: -


and: -

Active Directory Enrollment Policy
  {2738EA28-25D5-4E51-841F-73F6AEFBB682}
  ldap:
Certificate Request Processor: The system cannot find the file specified. 0x80070002 (WIN32: 2)


I couldn't work out what I'd missed … until I opened up Server Manager … and realised that I had NOT added the appropriate Role - Active Directory Certificate Services - so my AD box was "only" acting as a DNS server and domain controller.

Once I did this, unsurprisingly it just worked: -

certreq -submit -attrib "CertificateTemplate:Webserver" bpm856.uk.ibm.com_ihs.req bpm856.uk.ibm.com_ihs.cer

with: -


and: -

Active Directory Enrollment Policy
  {2738EA28-25D5-4E51-841F-73F6AEFBB682}
  ldap:
RequestId: 2
RequestId: "2"
Certificate retrieved(Issued) Issued

and a certificate :-)
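
A pre-flight check for the failure described above, as an added example that is not part of the original post: it confirms that the AD CS Certification Authority role service is installed, that the CA answers, and that the template is published, before certreq is called. The function name Test-CaReady is hypothetical, the template and file names are the ones used in the post, and the script assumes it is run in an elevated PowerShell session on the server expected to host the CA.

```powershell
# Added example: verify the CA is actually there before running certreq -submit.
# Test-CaReady is a hypothetical helper name, not a built-in cmdlet.
Import-Module ServerManager   # needed on Windows Server 2008 R2 for Get-WindowsFeature

function Test-CaReady {
    param([string]$Template = 'Webserver')

    # 1. Is the Certification Authority role service of AD CS installed?
    #    Without it, certreq has no CA to submit to (the 0x80070002 case above).
    $feature = Get-WindowsFeature -Name ADCS-Cert-Authority
    if (-not $feature.Installed) {
        Write-Warning 'AD CS Certification Authority role service is not installed.'
        return $false
    }

    # 2. Does the default CA respond? certutil exits non-zero on failure.
    certutil -ping | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil -ping failed with exit code $LASTEXITCODE."
        return $false
    }

    # 3. Is the requested template published on the CA?
    #    certutil -CATemplates prints one "<TemplateName>: <Display name> ..." line each.
    $templates = certutil -CATemplates
    $pattern   = '^' + [regex]::Escape($Template) + ':'
    if ($LASTEXITCODE -ne 0 -or -not ($templates | Select-String -Pattern $pattern -Quiet)) {
        Write-Warning "Template '$Template' is not offered by this CA."
        return $false
    }

    return $true
}

if (Test-CaReady -Template 'Webserver') {
    certreq -submit -attrib "CertificateTemplate:Webserver" `
        bpm856.uk.ibm.com_ihs.req bpm856.uk.ibm.com_ihs.cer
}
```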
