Create text file with inf extension such as the one below ;----------------- request.inf ----------------- [Version] Signature="$Windows NT$" [NewRequest] Subject = "CN=horizon8.nchar.local, OU=LocalHorizon, O=nchar, L=MyTown, S=VT, C=US" ; Replace View_Server_FQDN with the FQDN of the Horizon 7 server. ; Replace the remaining Subject attributes. KeySpec = 1 KeyLength = 2048 ; KeyLength is usually chosen from 2048, 3072, or 4096. A KeyLength ; of 1024 is also supported, but it is not recommended. HashAlgorithm = SHA256 ; Algorithms earlier than SHA-2 are insufficiently secure and are not recommended. Exportable = TRUE MachineKeySet = TRUE SMIME = False PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 FriendlyName = "vda6" [RequestAttributes] CertificateTemplate="HorizonSSL" ;Certificate Template [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication [Extensions] 2.5.29.17 = "{text}" _continue_ = "dns=horizon8.nchar.local&" _continue_ = "dns=horizon8&" _continue_ = "dns=horizon.nchar.local&" ;----------------------------------------------- 2) Generate a Certificate Request file (.req) with the INF file and save as CertRequest.req C:\Temp>certreq -new C:\temp\RequestConfig.inf c:\temp\CertRequest.req 3) Submit the CertRequest.req to Internal CA Server to generate UAT.cer C:\temp> certreq.exe -submit CertRequest.req UAT.cer Click OK on the pop up ![]() 4) Import UAT.cer to Local Computer PS C:\temp> Import-Certificate -FilePath UAT.cer -CertStoreLocation cert:\LocalMachine\MY 5) Export the Certificate to UAT.pfx Use the below code, or export with the certificate MMC When exporting make sure you mark the private key as EXPORTABLE $Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText Get-ChildItem -Path cert:\localMachine\my\EE933AFAB3F3FA82D223696BD2535B6B7306B7CA | Export-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password 6) Transfer the UAT.pfx file to another machine and import it with $Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText Import-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password -CertStoreLocation cert:\LocalMachine\my -Exportable 7) Finish setup Make sure the friendly name is set to vdm Restart the Horizon View Connection Server Reference Pages: https://www.aventistech.com/2019/09/request-ssl-certificate-from-microsoft-ca-with-certreq/ https://docs.microsoft.com/en-us/powershell/module/pkiclient/import-pfxcertificate?view=win10-ps |
Windows Links >