Sign the CSR with Microsoft Certificate Services
Before you begin
- Generate a certificate signing request
- Open the CSR that you generated in ETP and copy the contents of the CSR.
This procedure signs the request as a subordinate or intermediate CA.
Graphical user interface
- Open a browser and go to the IP address of the Microsoft certificate server.
Click Request a certificate.
- On the Request a certificate page, click advanced certificate request.
On the Advanced Certificate Request page, click Submit a certificate
request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal
request by using a base-64-encoded PKCS #7 file.
- On the Submit a Certificate Request or Renewal Request page, paste the contents of the CSR file you downloaded from Enterprise Threat Protector.
In the Certificate Template list, select Subordinate Certificate
- Click Submit.
- On the Certificate Issued page, select Base 64 encoded.
Click Download certificate and save the certificate to a
Command line interface
- On the Microsoft certificate server, open a command prompt and run it as an administrator.
Enter this command:
certreq -submit -attrib “CertificateTemplate:SubCA” <certificateSigningRequest.csr>
where <certificateSigningRequest.csr> is the certificate signing request you generated in Enterprise Threat Protector.
The Certification Authority List dialog appears.
- Select the Certificate Authority (CA) that you want to sign the request and click OK.
- Save the certificate as a .der file.