Hi all,
Certificates are new to me, but I've been working with them for the past few weeks. My goal is to get apache on server 2008 working with ssl, using a certificate that fits. We have a 2008CA in the environment. I need a .crt output with a decent length valid period. I believe I can change the .cer to a .crt with openssl conversions. My problem is NOT getting it to work with apache, my problem is getting the correct certificate output.
I can create a csr from my apache server using openssl. I can then go into 2008rootca/certsrv, choose request, my only options are then user or advanced, Create and submit a request to this CA, this ONLY ALLOWS ME TO SELECT "basic efs" and "user". I'm sure there's something to be done to be able to use the others, but I do not see what. I've googled a bunch but only come across things telling me to duplicate templates via a process that no longer works in 2008 (right click, duplicate).
My other options is to "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.", in which case it keeps issuing certificates to my username.
In neither case do I see an option to change the length of the certificate time.
Any help you can give is appreciated, and if not thanks so much for at least reading through in an effort to help.
Certificates are new to me, but I've been working with them for the past few weeks. My goal is to get apache on server 2008 working with ssl, using a certificate that fits. We have a 2008CA in the environment. I need a .crt output with a decent length valid period. I believe I can change the .cer to a .crt with openssl conversions. My problem is NOT getting it to work with apache, my problem is getting the correct certificate output.
I can create a csr from my apache server using openssl. I can then go into 2008rootca/certsrv, choose request, my only options are then user or advanced, Create and submit a request to this CA, this ONLY ALLOWS ME TO SELECT "basic efs" and "user". I'm sure there's something to be done to be able to use the others, but I do not see what. I've googled a bunch but only come across things telling me to duplicate templates via a process that no longer works in 2008 (right click, duplicate).
My other options is to "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.", in which case it keeps issuing certificates to my username.
In neither case do I see an option to change the length of the certificate time.
Any help you can give is appreciated, and if not thanks so much for at least reading through in an effort to help.
