Wikis - Page

How to generate certificate signing request for NPS with SAN (Subject Alternative Name)

4 Likes

TOPIC:

 

How to generate certificate signing request for NPS with SAN (Subject Alternative Name)

 

HOW TO STEPS:

 

When CA certificate for NPS is requiered and external CA signing is requiered, the CSR might be in need of additional arguments.

Especially SAN, which slowly becomes a must in today's security standards.

 

The command used for generating CSR for NPS is the following: 

  • On windows: 

ThirdPartyCertificateTool.bat -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -r encrypt.csr -p NoPassWordSet

  • On Linux: 

ThirdPartyCertificateTool.sh -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -r encrypt.csr -p NoPassWordSet

 

When a SAN values are requiered, the command can be extended with additional argument -H for SAN DNS Name:

  • On windows: 

ThirdPartyCertificateTool.bat -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -H "host1.domain.com" -r encrypt.csr -p NoPassWordSet

  • On Linux: 

ThirdPartyCertificateTool.sh -c -e -d "CN=<host_FQDN>,O=<org name>,C=<<Country>>" -H "host1.domain.com" -r encrypt.csr -p NoPassWordSet

 

Depending on the requierements of the environment in terms of SAN, there are valid options for IP (-I) and Email (-M) as well.

If such are requiered, should be consulted with NPS support team for more details.

Labels:

How To-Best Practice
Other
Support Tips/Knowledge Docs
Support Tip
Comment List
Related
Recommended