I used the certreq command utility (certreq -new) to generate a csr from an .inf file which I sent to an intermediate CA to be signed, using certreq -submit.
For some reason the “Issued to” field under the General tab, and the “Subject” field under the details tab has my domain user name instead of the machine FQDN (specified on the subject line in the .inf).
I am doing this to replace the self-signed RDP cert on the machine with a certificate that is signed by our CA. I understand that this can be done using GPO & by creating an RDP template, but for testing purposes I need to make sure it works on this server first and using these commands.
The Server OS is Windows Server 2016 Standard. I am running the commands from an elevated PowerShell console.
Below is the .inf file I am referencing along with the commands I am using. I appreciate any insight on this!
;—————– request.inf —————–
[Version] Signature=”$Windows NT$”
[NewRequest] Subject = “C=US, ST=Florida, L=Orlando, O=Disney World, CN=RDPSSL-TEST.Disney.com”
KeySpec = 1 KeyLength = 2048 Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE
ProviderName = “Microsoft RSA SChannel Cryptographic Provider” ProviderType = 12
RequestType = PKCS10
KeyUsage = “CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERT_KEY_ENCIPHERMENT_KEY_USAGE”
HashAlgorithm = SHA256
[EnhancedKeyUsageExtension] OID=22.214.171.124.4.1.3126.96.36.199 ; this is for Remote Desktop Authentication
[RequestAttributes] CertificateTemplate= DisneyRemoteDesktop
certreq -new request.inf cert.req
certreq -submit cert.req certnew.cer certnew.pfx