Sign the CSR with Microsoft Certificate Services

Before you begin

  1. Generate a certificate signing request
  2. Open the CSR that you generated in ETP and copy the contents of the CSR.

If your organization uses Microsoft Certificate Services to issue, revoke, or renew certificates, complete this procedure to sign the certificate signing request (CSR) you generated in ETP.

This procedure signs the request as a subordinate or intermediate CA.

Graphical user interface

How to

  1. Open a browser and go to the IP address of the Microsoft certificate server.
  2. Click Request a certificate.
  3. On the Request a certificate page, click advanced certificate request.
  4. On the Advanced Certificate Request page, click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
  5. On the Submit a Certificate Request or Renewal Request page, paste the contents of the CSR file you downloaded from Enterprise Threat Protector.
  6. In the Certificate Template list, select Subordinate Certificate Authority.
  7. Click Submit.
  8. On the Certificate Issued page, select Base 64 encoded.
  9. Click Download certificate and save the certificate to a secure location.

Next steps

Upload the signed certificate to ETP. See Upload and deploy signed certificate to ETP.

Command line interface

How to

  1. On the Microsoft certificate server, open a command prompt and run it as an administrator.
  2. Enter this command: 
    certreq -submit -attrib “CertificateTemplate:SubCA” <certificateSigningRequest.csr>

    where <certificateSigningRequest.csr> is the certificate signing request you generated in Enterprise Threat Protector.

    The Certification Authority List dialog appears.

  3. Select the Certificate Authority (CA) that you want to sign the request and click OK.
  4. Save the certificate as a .der file.

Next steps

Upload the signed certificate to ETP. See Upload and deploy signed certificate to ETP.