How to generate certificate signing request for NPS with SAN (Subject Alternative Name)
When a CA certificate for NPS is required and external CA signing is required, the CSR may need additional arguments.
This applies especially to SAN, which is gradually becoming a must under today's security standards.
The command used for generating CSR for NPS is the following:
ThirdPartyCertificateTool.bat -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -r encrypt.csr -p NoPassWordSet
ThirdPartyCertificateTool.sh -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -r encrypt.csr -p NoPassWordSet
When SAN values are required, the command can be extended with the additional argument -H for the SAN DNS Name:
ThirdPartyCertificateTool.bat -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -H "host1.domain.com" -r encrypt.csr -p NoPassWordSet
ThirdPartyCertificateTool.sh -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -H "host1.domain.com" -r encrypt.csr -p NoPassWordSet
Depending on the SAN requirements of the environment, there are valid options for IP (-I) and Email (-M) as well.
If these are required, consult the NPS support team for more details.
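
Before encrypt.csr is sent to the external CA, it is worth confirming that the request actually carries the SAN DNS names passed with -H. The check below is an added example, not part of the original article or of the NPS tooling; it assumes the CSR is a PEM-encoded PKCS#10 file and that the openssl CLI is installed, and the function names csr_san_dns and csr_has_san are hypothetical.

```shell
#!/bin/sh
# Added example (not from the NPS tooling): verify SAN DNS names in a CSR.
# Assumptions: the CSR is PEM-encoded PKCS#10 and openssl is on PATH.
# Usage: csr_has_san encrypt.csr host1.domain.com

# csr_san_dns FILE
# Prints every SAN DNS name found in the CSR, one per line.
# Prints nothing when the request has no subjectAltName extension.
csr_san_dns() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        # The SAN values sit on the line after the extension header.
        awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        # Entries are comma separated: "DNS:a, DNS:b, IP Address:..."
        tr ',' '\n' |
        # Keep DNS entries only; IP and email entries are dropped here.
        sed -n -e 's/[[:space:]]*$//' \
               -e 's/^[[:space:]]*DNS:[[:space:]]*//p'
}

# csr_has_san FILE NAME...
# Returns 0 only if every NAME is present as a SAN DNS entry.
# Each missing name is reported on stderr.
csr_has_san() {
    csr=$1
    shift
    missing=0
    names=$(csr_san_dns "$csr")
    for want in "$@"; do
        # DNS names compare case-insensitively; match whole entries only.
        if ! printf '%s\n' "$names" | grep -qixF -- "$want"; then
            echo "missing SAN DNS name: $want" >&2
            missing=1
        fi
    done
    return "$missing"
}
```

Include the host FQDN used in CN among the names checked, since clients that validate against SAN ignore the CN.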