lalmohan.co.nz
Open in
urlscan Pro
172.67.163.156
Public Scan
URL:
https://lalmohan.co.nz/2020/02/10/create-and-install-a-san-certificate-subject-alternative-name-in-windows-without-thir...
Submission: On April 06 via manual from US — Scanned from NZ
Submission: On April 06 via manual from US — Scanned from NZ
Form analysis 6 forms found in the DOM
POST https://lalmohan.co.nz/wp-comments-post.php
<form action="https://lalmohan.co.nz/wp-comments-post.php" method="post" id="commentform" class="comment-form"><input type="hidden" id="highlander_comment_nonce" name="highlander_comment_nonce" value="84e08481e4"><input type="hidden"
name="_wp_http_referer" value="/2020/02/10/create-and-install-a-san-certificate-subject-alternative-name-in-windows-without-third-party-tools/">
<input type="hidden" name="hc_post_as" id="hc_post_as" value="guest">
<div class="comment-form-field comment-textarea">
<div id="comment-form-comment"><textarea id="comment" name="comment" title="Enter your comment here..." placeholder="Enter your comment here..." style="overflow: hidden; overflow-wrap: break-word; resize: none; height: 38px;"></textarea></div>
</div>
<div id="comment-form-identity" style="display: none;">
<div id="comment-form-nascar">
<p>Fill in your details below or click an icon to log in:</p>
<ul>
<li class="selected" style="display:none;">
<a href="#comment-form-guest" id="postas-guest" class="nascar-signin-link" title="Login via Guest">
</a>
</li>
<li>
<a href="#comment-form-load-service:WordPress.com" id="postas-wordpress" class="nascar-signin-link" title="Login via WordPress.com">
<svg xmlns="http://www.w3.org/2000/svg" role="presentation" viewBox="0 0 24 24"><rect x="0" fill="none" width="24" height="24"></rect><g><path fill="#0087be" d="M12.158 12.786l-2.698 7.84c.806.236 1.657.365 2.54.365 1.047 0 2.05-.18 2.986-.51-.024-.037-.046-.078-.065-.123l-2.762-7.57zM3.008 12c0 3.56 2.07 6.634 5.068 8.092L3.788 8.342c-.5 1.117-.78 2.354-.78 3.658zm15.06-.454c0-1.112-.398-1.88-.74-2.48-.456-.74-.883-1.368-.883-2.11 0-.825.627-1.595 1.51-1.595.04 0 .078.006.116.008-1.598-1.464-3.73-2.36-6.07-2.36-3.14 0-5.904 1.613-7.512 4.053.21.008.41.012.58.012.94 0 2.395-.114 2.395-.114.484-.028.54.684.057.74 0 0-.487.058-1.03.086l3.275 9.74 1.968-5.902-1.4-3.838c-.485-.028-.944-.085-.944-.085-.486-.03-.43-.77.056-.742 0 0 1.484.114 2.368.114.94 0 2.397-.114 2.397-.114.486-.028.543.684.058.74 0 0-.488.058-1.03.086l3.25 9.665.897-2.997c.456-1.17.684-2.137.684-2.907zm1.82-3.86c.04.286.06.593.06.924 0 .912-.17 1.938-.683 3.22l-2.746 7.94c2.672-1.558 4.47-4.454 4.47-7.77 0-1.564-.4-3.033-1.1-4.314zM12 22C6.486 22 2 17.514 2 12S6.486 2 12 2s10 4.486 10 10-4.486 10-10 10z"></path></g></svg> </a>
</li>
<li>
<a href="#comment-form-load-service:Twitter" id="postas-twitter" class="nascar-signin-link" title="Login via Twitter">
<svg xmlns="http://www.w3.org/2000/svg" role="presentation" viewBox="0 0 24 24"><rect x="0" fill="none" width="24" height="24"></rect><g><path fill="#1DA1F2" d="M22.23 5.924c-.736.326-1.527.547-2.357.646.847-.508 1.498-1.312 1.804-2.27-.793.47-1.67.812-2.606.996C18.325 4.498 17.258 4 16.078 4c-2.266 0-4.103 1.837-4.103 4.103 0 .322.036.635.106.935-3.41-.17-6.433-1.804-8.457-4.287-.353.607-.556 1.312-.556 2.064 0 1.424.724 2.68 1.825 3.415-.673-.022-1.305-.207-1.86-.514v.052c0 1.988 1.415 3.647 3.293 4.023-.344.095-.707.145-1.08.145-.265 0-.522-.026-.773-.074.522 1.63 2.038 2.817 3.833 2.85-1.404 1.1-3.174 1.757-5.096 1.757-.332 0-.66-.02-.98-.057 1.816 1.164 3.973 1.843 6.29 1.843 7.547 0 11.675-6.252 11.675-11.675 0-.178-.004-.355-.012-.53.802-.578 1.497-1.3 2.047-2.124z"></path></g></svg> </a>
</li>
<li>
<a href="#comment-form-load-service:Facebook" id="postas-facebook" class="nascar-signin-link" title="Login via Facebook">
<svg xmlns="http://www.w3.org/2000/svg" role="presentation" viewBox="0 0 24 24"><rect x="0" fill="none" width="24" height="24"></rect><g><path fill="#3B5998" d="M20.007 3H3.993C3.445 3 3 3.445 3 3.993v16.013c0 .55.445.994.993.994h8.62v-6.97H10.27V11.31h2.346V9.31c0-2.325 1.42-3.59 3.494-3.59.993 0 1.847.073 2.096.106v2.43h-1.438c-1.128 0-1.346.537-1.346 1.324v1.734h2.69l-.35 2.717h-2.34V21h4.587c.548 0 .993-.445.993-.993V3.993c0-.548-.445-.993-.993-.993z"></path></g></svg> </a>
</li>
</ul>
</div>
<div id="comment-form-guest" class="comment-form-service selected">
<div class="comment-form-padder">
<div class="comment-form-avatar">
<a href="https://gravatar.com/site/signup/" target="_blank"> <img src="https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=retro&forcedefault=y&r=G" alt="Gravatar" width="25" class="no-grav grav-hashed grav-hijack" id="grav-ad516503a11cd5ca435acc9bb6523536-0">
</a>
</div>
<div class="comment-form-fields">
<div class="comment-form-field comment-form-email">
<label for="email">Email <span class="required">(required)</span> <span class="nopublish">(Address never made public)</span></label>
<div class="comment-form-input"><input id="email" name="email" type="email" value=""></div>
</div>
<div class="comment-form-field comment-form-author">
<label for="author">Name <span class="required">(required)</span></label>
<div class="comment-form-input"><input id="author" name="author" type="text" value=""></div>
</div>
<div class="comment-form-field comment-form-url">
<label for="url">Website</label>
<div class="comment-form-input"><input id="url" name="url" type="url" value=""></div>
</div>
</div>
</div>
</div>
<div id="comment-form-wordpress" class="comment-form-service">
<div class="comment-form-padder">
<div class="comment-form-avatar">
<img src="https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=retro&forcedefault=y&r=G" alt="WordPress.com Logo" width="25" class="no-grav grav-hashed grav-hijack" id="grav-ad516503a11cd5ca435acc9bb6523536-1">
</div>
<div class="comment-form-fields">
<input type="hidden" name="wp_avatar" id="wordpress-avatar" class="comment-meta-wordpress" value="">
<input type="hidden" name="wp_user_id" id="wordpress-user_id" class="comment-meta-wordpress" value="">
<input type="hidden" name="wp_access_token" id="wordpress-access_token" class="comment-meta-wordpress" value="">
<p class="comment-form-posting-as pa-wordpress">
<strong></strong> You are commenting using your <span class="skimlinks-unlinked">WordPress.com</span> account. <span class="comment-form-log-out">
( <a href="javascript:HighlanderComments.doExternalLogout( 'wordpress' );">Log Out</a> /
<a href="#" onclick="if (!window.__cfRLUnblockHandlers) return false; javascript:HighlanderComments.switchAccount();return false;">Change</a> ) </span>
<span class="pa-icon"><svg xmlns="http://www.w3.org/2000/svg" role="presentation" viewBox="0 0 24 24">
<rect x="0" fill="none" width="24" height="24"></rect>
<g>
<path fill="#0087be"
d="M12.158 12.786l-2.698 7.84c.806.236 1.657.365 2.54.365 1.047 0 2.05-.18 2.986-.51-.024-.037-.046-.078-.065-.123l-2.762-7.57zM3.008 12c0 3.56 2.07 6.634 5.068 8.092L3.788 8.342c-.5 1.117-.78 2.354-.78 3.658zm15.06-.454c0-1.112-.398-1.88-.74-2.48-.456-.74-.883-1.368-.883-2.11 0-.825.627-1.595 1.51-1.595.04 0 .078.006.116.008-1.598-1.464-3.73-2.36-6.07-2.36-3.14 0-5.904 1.613-7.512 4.053.21.008.41.012.58.012.94 0 2.395-.114 2.395-.114.484-.028.54.684.057.74 0 0-.487.058-1.03.086l3.275 9.74 1.968-5.902-1.4-3.838c-.485-.028-.944-.085-.944-.085-.486-.03-.43-.77.056-.742 0 0 1.484.114 2.368.114.94 0 2.397-.114 2.397-.114.486-.028.543.684.058.74 0 0-.488.058-1.03.086l3.25 9.665.897-2.997c.456-1.17.684-2.137.684-2.907zm1.82-3.86c.04.286.06.593.06.924 0 .912-.17 1.938-.683 3.22l-2.746 7.94c2.672-1.558 4.47-4.454 4.47-7.77 0-1.564-.4-3.033-1.1-4.314zM12 22C6.486 22 2 17.514 2 12S6.486 2 12 2s10 4.486 10 10-4.486 10-10 10z">
</path>
</g>
</svg></span>
</p>
</div>
</div>
</div>
<div id="comment-form-twitter" class="comment-form-service">
<div class="comment-form-padder">
<div class="comment-form-avatar">
<img src="https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=retro&forcedefault=y&r=G" alt="Twitter picture" width="25" class="no-grav grav-hashed grav-hijack" id="grav-ad516503a11cd5ca435acc9bb6523536-2">
</div>
<div class="comment-form-fields">
<input type="hidden" name="twitter_avatar" id="twitter-avatar" class="comment-meta-twitter" value="">
<input type="hidden" name="twitter_user_id" id="twitter-user_id" class="comment-meta-twitter" value="">
<input type="hidden" name="twitter_access_token" id="twitter-access_token" class="comment-meta-twitter" value="">
<p class="comment-form-posting-as pa-twitter">
<strong></strong> You are commenting using your Twitter account. <span class="comment-form-log-out"> ( <a href="javascript:HighlanderComments.doExternalLogout( 'twitter' );">Log Out</a> /
<a href="#" onclick="if (!window.__cfRLUnblockHandlers) return false; javascript:HighlanderComments.switchAccount();return false;">Change</a> ) </span>
<span class="pa-icon"><svg xmlns="http://www.w3.org/2000/svg" role="presentation" viewBox="0 0 24 24">
<rect x="0" fill="none" width="24" height="24"></rect>
<g>
<path fill="#1DA1F2"
d="M22.23 5.924c-.736.326-1.527.547-2.357.646.847-.508 1.498-1.312 1.804-2.27-.793.47-1.67.812-2.606.996C18.325 4.498 17.258 4 16.078 4c-2.266 0-4.103 1.837-4.103 4.103 0 .322.036.635.106.935-3.41-.17-6.433-1.804-8.457-4.287-.353.607-.556 1.312-.556 2.064 0 1.424.724 2.68 1.825 3.415-.673-.022-1.305-.207-1.86-.514v.052c0 1.988 1.415 3.647 3.293 4.023-.344.095-.707.145-1.08.145-.265 0-.522-.026-.773-.074.522 1.63 2.038 2.817 3.833 2.85-1.404 1.1-3.174 1.757-5.096 1.757-.332 0-.66-.02-.98-.057 1.816 1.164 3.973 1.843 6.29 1.843 7.547 0 11.675-6.252 11.675-11.675 0-.178-.004-.355-.012-.53.802-.578 1.497-1.3 2.047-2.124z">
</path>
</g>
</svg></span>
</p>
</div>
</div>
</div>
<div id="comment-form-facebook" class="comment-form-service">
<div class="comment-form-padder">
<div class="comment-form-avatar">
<img src="" alt="Facebook photo" width="25" class="no-grav">
</div>
<div class="comment-form-fields">
<input type="hidden" name="fb_avatar" id="facebook-avatar" class="comment-meta-facebook" value="">
<input type="hidden" name="fb_user_id" id="facebook-user_id" class="comment-meta-facebook" value="">
<input type="hidden" name="fb_access_token" id="facebook-access_token" class="comment-meta-facebook" value="">
<p class="comment-form-posting-as pa-facebook">
<strong></strong> You are commenting using your Facebook account. <span class="comment-form-log-out"> ( <a href="javascript:HighlanderComments.doExternalLogout( 'facebook' );">Log Out</a> /
<a href="#" onclick="if (!window.__cfRLUnblockHandlers) return false; javascript:HighlanderComments.switchAccount();return false;">Change</a> ) </span>
<span class="pa-icon"><svg xmlns="http://www.w3.org/2000/svg" role="presentation" viewBox="0 0 24 24">
<rect x="0" fill="none" width="24" height="24"></rect>
<g>
<path fill="#3B5998"
d="M20.007 3H3.993C3.445 3 3 3.445 3 3.993v16.013c0 .55.445.994.993.994h8.62v-6.97H10.27V11.31h2.346V9.31c0-2.325 1.42-3.59 3.494-3.59.993 0 1.847.073 2.096.106v2.43h-1.438c-1.128 0-1.346.537-1.346 1.324v1.734h2.69l-.35 2.717h-2.34V21h4.587c.548 0 .993-.445.993-.993V3.993c0-.548-.445-.993-.993-.993z">
</path>
</g>
</svg></span>
</p>
</div>
</div>
</div>
<div id="comment-form-load-service" class="comment-form-service">
<div class="comment-form-posting-as-cancel"><a href="javascript:HighlanderComments.cancelExternalWindow();">Cancel</a></div>
<p>Connecting to %s</p>
</div>
</div>
<script type="text/javascript">
var highlander_expando_javascript = function() {
function hide(sel) {
var el = document.querySelector(sel);
if (el) {
el.style.setProperty('display', 'none');
}
}
function show(sel) {
var el = document.querySelector(sel);
if (el) {
el.style.removeProperty('display');
}
}
var input = document.createElement('input');
var comment = document.querySelector('#comment');
if (input && comment && 'placeholder' in input) {
var label = document.querySelector('.comment-textarea label');
if (label) {
var text = label.textContent;
label.parentNode.removeChild(label);
comment.setAttribute('placeholder', text);
}
}
// Expando Mode: start small, then auto-resize on first click + text length
hide('#comment-form-identity');
hide('#comment-form-subscribe');
hide('#commentform .form-submit');
if (comment) {
comment.style.height = '10px';
var handler = function() {
comment.style.height = HighlanderComments.initialHeight + 'px';
show('#comment-form-identity');
show('#comment-form-subscribe');
show('#commentform .form-submit');
HighlanderComments.resizeCallback();
comment.removeEventListener('focus', handler);
};
comment.addEventListener('focus', handler);
}
}
if (document.readyState !== 'loading') {
highlander_expando_javascript();
} else {
document.addEventListener('DOMContentLoaded', highlander_expando_javascript);
}
</script>
<div id="comment-form-subscribe" style="display: none;">
<p class="comment-subscription-form"><input type="checkbox" name="subscribe" id="subscribe" value="subscribe" style="width: auto;"> <label class="subscribe-label" id="subscribe-label" for="subscribe" style="display: inline;">Notify me of new
comments via email.</label></p>
<p class="post-subscription-form"><input type="checkbox" name="subscribe_blog" id="subscribe_blog" value="subscribe" style="width: auto;"> <label class="subscribe-label" id="subscribe-blog-label" for="subscribe_blog"
style="display: inline;">Notify me of new posts via email.</label></p>
</div>
<p class="form-submit" style="display: none;"><input name="submit" type="submit" id="comment-submit" class="submit button" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="2360" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="e9a56df88b"></p>
<input type="hidden" name="genseq" value="1680804505">
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="1680804509740">
<script type="text/javascript">
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>GET https://lalmohan.co.nz/
<form method="get" id="searchform" action="https://lalmohan.co.nz/" role="search">
<label for="s" class="assistive-text">Search</label>
<input type="text" class="field" name="s" id="s" placeholder="Search …">
<input type="submit" class="submit" name="submit" id="searchsubmit" value="Go">
</form>POST https://subscribe.wordpress.com
<form action="https://subscribe.wordpress.com" method="post" accept-charset="utf-8" data-blog="45444740" data-post_access_level="everybody" id="subscribe-blog">
<p id="subscribe-email">
<label id="subscribe-field-label" for="subscribe-field" class="screen-reader-text"> Email Address: </label>
<input type="email" name="email" style="width: 95%; padding: 1px 10px" placeholder="Email Address" value="" id="subscribe-field" required="">
</p>
<p id="subscribe-submit">
<input type="hidden" name="action" value="subscribe">
<input type="hidden" name="blog_id" value="45444740">
<input type="hidden" name="source" value="https://lalmohan.co.nz/2020/02/10/create-and-install-a-san-certificate-subject-alternative-name-in-windows-without-third-party-tools/">
<input type="hidden" name="sub-type" value="widget">
<input type="hidden" name="redirect_fragment" value="subscribe-blog">
<input type="hidden" id="_wpnonce" name="_wpnonce" value="f276673609"> <button type="submit" class="wp-block-button__link"> Follow </button>
</p>
</form>POST https://subscribe.wordpress.com
<form method="post" action="https://subscribe.wordpress.com" accept-charset="utf-8" style="display: none;">
<div class="actnbr-follow-count">Join 111 other followers</div>
<div>
<input type="email" name="email" placeholder="Enter your email address" class="actnbr-email-field" aria-label="Enter your email address">
</div>
<input type="hidden" name="action" value="subscribe">
<input type="hidden" name="blog_id" value="45444740">
<input type="hidden" name="source" value="https://lalmohan.co.nz/2020/02/10/create-and-install-a-san-certificate-subject-alternative-name-in-windows-without-third-party-tools/">
<input type="hidden" name="sub-type" value="actionbar-follow">
<input type="hidden" id="_wpnonce" name="_wpnonce" value="f276673609">
<div class="actnbr-button-wrap">
<button type="submit" value="Sign me up"> Sign me up </button>
</div>
</form><form id="jp-carousel-comment-form">
<label for="jp-carousel-comment-form-comment-field" class="screen-reader-text">Write a Comment...</label>
<textarea name="comment" class="jp-carousel-comment-form-field jp-carousel-comment-form-textarea" id="jp-carousel-comment-form-comment-field" placeholder="Write a Comment..."></textarea>
<div id="jp-carousel-comment-form-submit-and-info-wrapper">
<div id="jp-carousel-comment-form-commenting-as">
<fieldset>
<label for="jp-carousel-comment-form-email-field">Email (Required)</label>
<input type="text" name="email" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-email-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-author-field">Name (Required)</label>
<input type="text" name="author" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-author-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-url-field">Website</label>
<input type="text" name="url" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-url-field">
</fieldset>
</div>
<input type="submit" name="submit" class="jp-carousel-comment-form-button" id="jp-carousel-comment-form-button-submit" value="Post Comment">
</div>
</form>POST
<form method="post">
<input type="submit" value="Close and accept" class="accept"> Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use. <br> To find out more, including how to control cookies, see here: <a href="https://automattic.com/cookies/" rel="nofollow">
Cookie Policy </a>
</form>Text Content
Get me outta here!
CITRIXOLOGY
BY LAL MOHAN
MENU
Skip to content
* About Me
* Citrix
* Citrix Cloud
* NetScaler
* WEM & UPM
* XenApp & XenDesktop
* Citrix Storefront
* WVD
* VMware
* Workspace One
CREATE AND INSTALL A SAN CERTIFICATE (SUBJECT ALTERNATIVE NAME) IN WINDOWS
WITHOUT THIRD-PARTY TOOLS
February 10, 2020 by Lal Mohan
i
64 Votes
There are times you would want to create a SAN (Subject Alternative Name)
certificate for your deployments in the organization. This is a much more secure
approach as compared to using a wildcard as it allows only a limited number of
servers to send and receive traffic. Unless you specifically compromise one of
the machines specified in the certificate, it’s too hard to impersonate and do
any real harm.
In this blog post, I will show you how to create a CSR (Certificate Signing
Request) using any Windows machine in the organization that’s domain joined and
subsequently, use the request file to issue a certificate using the internal
Certification Authority (CA) server.
CREATE A CERTIFICATE SIGNING REQUEST (CSR)
The first step is to create a CSR file and you can use any domain joined Windows
server in the organization. I have used the Citrix Storefront server in this
example.
Open the MMC console and add the Certificate snap-in to it as Local Computer.
Right Click Personal node on the left and Select All Tasks –> Advanced
Operations –> Create Custom Request
Choose Proceed without enrollment policy and Click Next. Choose No Template
Legacy Key for compatibility reasons. Use PKCS#10
Click Next and click Properties
Give a friendly name for the certificate and a description. Ensure that you hit
Apply as soon as you are done with the tab.
Click on Subject tab and add all the hostnames under “Alternative Name“
Under Subject Name, enter the Common Name (CN), Organizational Unit (OU),
Organization (O), State (S) and Country (C) values. Click Apply
Under the Extensions tab, expand Extended Key Usage (application policies) and
select Server Authentication and Client Authentication
Click Apply
Under the Private Key tab, set the Key size to 2048 under Key options
> P.S – Using a key size of 4096 or above will cause issues with NetScaler
> monitors failing if VPXs are used. MPXs don’t have this issue.
Tick Make Private Key exportable
Select Exchange as the Key type
Click Apply. Click OK
Select a location to save the file. Choose the file format as Base 64
Click Finish
SEND THE CERTIFICATE REQUEST
Now navigate to the URL of the internal Certificate Authority (CA) server.
Replace your CA server name for the <certauthority> value.
https://certauthority/certsrv
* Click the Request a Certificate link.
* Click the Advanced certificate request link.
* Click Submit a certificate.
* Paste the contents of your CSR file into the Saved Request text box. (Open
the CSR file (with a .req extension) in Notepad and copy the contents without
any leading or trailing spaces.)
* For the Certificate Template drop-down list, select Web Server.
* Click Submit.
You get the below once you click submit.
ISSUE THE CERTIFICATE
* Connect to the server where the Certification Authority is installed, if
necessary.
* Select Start > Control Panel > Administrative Tools > Certification
Authority.
* In the Certification Authority (Local) tree, select Your Domain Name >
Pending Requests.
* Select the CSR in the right navigation pane.
* In the Action menu, select the ID number of the request > Issue.
* Close the Certification Authority window.
DOWNLOAD THE CERTIFICATE
* In your web browser address bar, type the IP address of the server where the
Certification Authority is installed, followed by certsrv.
* Click the View the status of a pending certificate request link.
* Select the certificate request with the time and date you submitted.
* Select the encoding format for the downloaded certificate, such as Base 64
for a PEM certificate.
* Click Download CA certificate to save the certificate. The certificate will
have .CER extension
INSTALL THE CERTIFICATE
* Navigate to the server where the certificate needs to be installed.
* Open a MMC console as Administrator and add Certificate snap-in under Local
Computer
* Expand Personal node and right click the Certificates node.
* Select All Tasks –> Import
* Click Next
* Locate the downloaded certificate file
* Click Next
* Place it under Personal node
* Click Next
* Click Finish
Note – The installed certificate in Certificate MMC shows a little key symbol
and a badge. You gotta see these 2 things for the certificate to work or show up
in IIS Manager in later steps.
EXPORT THE CERTIFICATE AS A .PFX FILE
Now, you need to export the certificate as a PFX file so that this could be
installed on all the other servers which doesn’t have any clue of the privaty
key used while requesting the CSR. If you recall, we did the CSR from one of the
Storefront servers. The PFX certificate files contains the private key which is
paramount for SSL deployments.
* Navigate to the server where the certificate has been already installed.
* Open a MMC console as Administrator and add Certificate snap-in under Local
Computer
* Expand Personal node and right click the Certificates node.
* Select All Tasks –> Export
* Click Next
* Export the private key
* Click Next
* Under the Personal Interchange Format, PKCS#12, Tick all except for “delete
the private key after successful export”
* Click Next
* Give it a password of your choice (make sure that you remember this; This is
required for installing the certs on other servers)
* Specify a file name to save it in a location
* Click Next
* Click Finish
BIND THE WEBSITE IN IIS
* Open IIS Manager and expand the Server name and choose the Default Web Site
* Under Actions, select Bindings
* Add the https and select the newly installed certificate
* Click OK
Install the exported PFX certificate on the other servers and change the binding
to https following the steps above. That’s all to it folks.
If there is anything that’s unclear, please feel free to comment or provide
feedback in the comment section below.
SPREAD THE LOVE:
* Twitter
* Facebook
* LinkedIn
* Pinterest
* Reddit
* Email
* Print
* Pocket
* Tumblr
*
LIKE THIS:
Like Loading...
RELATED
NETSCALER VPX MONITOR ERROR – TIMEOUT DURING SSL HANDSHAKE STAGE
I came across this by accident while setting up NetScaler GSLB for a Citrix
solution for one of my customers. The service groups in NetScaler were giving an
error message for the monitoring probes - https and CITRIX-XD-DDC (both secure).
The NetScaler was VPX running 11.1.63.9nc firmware. Last response: failure…
March 10, 2020
In "Netscaler"
STOREFRONT LOAD BALANCING USING NETSCALER
It's been a while since I wrote on my blog so let's get straight into the post
without much mucking around. This time we will discuss how to go about setting
up Storefront load balancing using NetScalers. This can be configured on a
standalone NetScaler or a NetScaler pair in…
July 4, 2018
In "Citrix Storefront"
XENAPP & XENDESKTOP 7.X – CITRIX DIRECTOR LOAD BALANCING USING NETSCALER
Here is a quick and easy way to load balance your Citrix Director instances in a
XenApp or XenDesktop environment. Below is my environment Citrix Director
servers ( Controller servers in most cases) - director-1 and director-2 A
NetScaler HA pair ( you can do this on a stand alone…
February 26, 2016
In "Citrix Storefront"
Citrix Storefront Citrix Virtual Apps and Desktops CVAD XenApp XenApp 7.5
XenDesktop 7 certificate Signing request creationcreate a CSRIIS bindinginstall
a SAN certificateinstall a subject alternative name certificateSAN
certificatesecurity 3 Comments
POST NAVIGATION
← How to find list of applications published on individual Citrix / VDA servers?
NetScaler VPX monitor error – Timeout during SSL handshake stage →
3 THOUGHTS ON “CREATE AND INSTALL A SAN CERTIFICATE (SUBJECT ALTERNATIVE NAME)
IN WINDOWS WITHOUT THIRD-PARTY TOOLS”
1. Todd Hayward says:
July 30, 2021 at 7:14 AM
0
0
i
Rate This
Great write-up. Could you do a concise article for how to setup the MS CA
for doing java code signing (required for Oracle and java keystores).
Thanks!
Reply
2. Manoj says:
February 11, 2020 at 4:17 AM
0
0
i
Rate This
Hello Mohan,
Thanks for your blog post on how to create SAN certs – step by step.
It would be doubly nice if someone could create a powershell script that can
do the above.
Reply
* Lal Mohan says:
February 11, 2020 at 11:38 AM
0
0
i
Rate This
I will work on something similar but you will still need to key in a lot
of information during the CSR request stage. Other than that, it can be
automated reasonably well..
Reply
LEAVE A REPLY CANCEL REPLY
Fill in your details below or click an icon to log in:
*
*
*
*
Email (required) (Address never made public)
Name (required)
Website
You are commenting using your WordPress.com account. ( Log Out / Change )
You are commenting using your Twitter account. ( Log Out / Change )
You are commenting using your Facebook account. ( Log Out / Change )
Cancel
Connecting to %s
Notify me of new comments via email.
Notify me of new posts via email.
Δ
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Search
TRANSLATE THIS BLOG
Powered by Translate
FOLLOW BLOG VIA EMAIL
Email Address:
Follow
RECENT POSTS
* Implement Rate Limiting on NetScalers (Citrix ADCs)
* Integrate Azure MFA with NetScaler Gateway for Two-Factor Authentication
* Microsoft Windows Virtual Desktops (WVD) or Citrix – The Big
Question answered!
* Desktop Restart – Citrix Storefront Power Management
* Citrix Machine Creation Services (MCS) – Primer For On-Prem Vs Azure
CITRIX BLOGS
* Want to reduce your HDX bandwidth usage by up to 15%? Try this!
* Citrix MSP leverages industry-only solution to troubleshoot ChromeOS devices
* Citrix DaaS + ChromeOS: Greater clinician productivity, effectiveness while
reducing TCO
* Learn about Stratodesk’s secure endpoint OS solution for healthcare at
HIMSS23
* The prescription to secure endpoints in healthcare is IGEL OS
* Seamless printing for Citrix deployments with Tricerat’s ScrewDrivers
* What’s new with Citrix — March 2023
* App Layering in Azure 2023 and beyond
* ControlUp + Citrix: Delivering virtual healthcare access
* Revolutionize the clinical workspace environment with Unicon and Citrix VDI
NETSCALER ROCKS!!
* An error has occurred; the feed is probably down. Try again later.
GOOGLE CLOUD PLATFORM
* Expand your multicloud resume with new courses and skill badges
* Do the numbers: How AI is helping revolutionize accounting
* How Dataplex can improve data auditing, security, and access management
* Monitor the health of your VM fleets in the Compute Engine console
* Maximize your startup investment with Cloud Operations, Cloud Billing and
Customer Care
* Google named a 2023 Strong Performer in the Gartner Peer Insights™ Voice of
the Customer for Security Information and Event Management
* Cloud Load Balancing: A comprehensive solution for secure and private access
to Cloud Run services
* Innovators Plus subscribers on fast track to Google Cloud certification
* Data Cloud & AI Summit round-up: What’s new in Cloud SQL
* Google Cloud Deploy adds canary and parallel deployment support
TRENDING
* How to allow remote users to enroll smartcard certificates on a YubiKey over
an HDX session for certificate lifecycle management using Citrix Virtual Apps
and Desktops Service
* FIDO Alliance Authenticate conference session recap on Citrix Workspace
strong authentication with FIDO2
* A deep dive into the Citrix HDX FIDO2 and Windows Hello optimized virtual
channel with virtual desktops and apps using USB, NFC, BLE, and built-in
authenticators
* Using Windows Hello FIDO2 capability with web browsers, Microsoft WVD, Teams,
and native Windows apps for passwordless logins using your fingerprint or
face
* How to use Azure AD Conditional Access to add a Terms of Use EULA to Citrix
Workspace, Microsoft WVD, Office 365, and SaaS apps
* How to report on Microsoft Authenticator password-less phone sign-in & FIDO2
security key usage using Azure AD & Azure Monitor Log Analytics
* How to use FIDO2 security keys remotely inside a virtual desktop session
hundreds of miles away using Citrix HDX USB redirection and Microsoft Azure
AD
* Work from home reality and making positive IT decisions in response to the
COVID-19 Coronavirus pandemic
* How to use Microsoft WVD, Windows 10 multi-session, FSLogix, & MSIX app
attach to build an Azure-powered virtual desktop experience
* Driving Modern Passwordless Authentication: Citrix Workspace and Microsoft
Azure Active Directory
CITRIX GURU
* A look at the upcoming Citrix Identity Platform improvements in Citrix Cloud
* TOP 10 upcoming features in Citrix Cloud [2019]
* Citrix Managed Desktops Service is a glimpse into the future of Citrix Cloud
services
* I’ve tested Nutanix Xi Frame and it is…
* Everything you need to know about WVD, Windows 10 EVD and Citrix
* EUC Masters Retreat 2019: the conference you want to attend
* Renewed as Citrix Technology Professional (CTP) for 2019
* First words from the 2019 Citrix Technology Professionals
* LTSR vs. CR: Citrix wants customers off LTSR
* Ultimate Citrix App Layering Guide 2019
MICROSOFT AZURE BLOG
* Discover an Azure learning community with Microsoft Learn rooms
* Defend against DDoS attacks with Azure DDoS IP Protection
* The Net Zero journey: Why digital twins are a powerful ally
* Announcing Azure Firewall enhancements for troubleshooting network
performance and traffic visibility
* What’s new in Azure Data & AI: Azure is built for generative AI apps
* Microsoft Cost Management updates—March 2023
* Enhanced Azure Arc integration with Datadog simplifies hybrid and multicloud
observability
* Modernize your apps and accelerate business growth with AI
* Connect, secure, and simplify your network resources with Azure Virtual
Network Manager
* Introducing GPT-4 in Azure OpenAI Service
AMAZON AWS
* New – Self-Service Provisioning of Terraform Open-Source Configurations with
AWS Service Catalog
* AWS Supply Chain Now Generally Available – Mitigate Risks and Lower Costs
with Increased Visibility and Actionable Insights
* AWS Week in Review: Public Preview of Amazon DataZone and AWS DataSync
Updates – April 3, 2023
* New – Ready-to-use Models and Support for Custom Text and Image
Classification Models in Amazon SageMaker Canvas
* Simplify Service-to-Service Connectivity, Security, and Monitoring with
Amazon VPC Lattice – Now Generally Available
* Amazon GuardDuty Now Supports Amazon EKS Runtime Monitoring
* Announcing General Availability of Step-by-Step Guides for Amazon Connect
Agent Workspace
* How French Broadcaster TF1 Used AWS Cloud Technology and Expertise to Bring
the FIFA World Cup to Millions
* AWS Application Migration Service Major Updates: Import and Export Feature,
Source Server Migration Metrics Dashboard, and Additional Post-Launch Actions
* Amazon Chime SDK Call Analytics: Real-Time Voice Tone Analysis and Speaker
Search
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8276401289208186
BLOG STATS
* 658,558 hits
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8276401289208186
ARCHIVES
Archives Select Month March 2021 June 2020 May 2020 April 2020 March 2020
February 2020 January 2020 September 2019 August 2019 July 2019 January 2019
August 2018 July 2018 February 2018 September 2017 June 2017 May 2017 January
2017 November 2016 March 2016 February 2016 October 2015 September 2015 April
2015 March 2015 January 2015 December 2014 November 2014 October 2014 August
2014 July 2014 June 2014 May 2014 April 2014 February 2014 January 2014
September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 January 2013
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8276401289208186
Create a website or blog at WordPress.com
* Follow Following
* Citrixology
Join 111 other followers
Sign me up
* Already have a WordPress.com account? Log in now.
* * Citrixology
* Customize
* Follow Following
* Sign up
* Log in
* Copy shortlink
* Report this content
* View post in Reader
* Manage subscriptions
* Collapse this bar
Loading Comments...
Write a Comment...
Email (Required) Name (Required) Website
%d bloggers like this:
Privacy & Cookies: This site uses cookies. By continuing to use this website,
you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
Advertisements
Powered by wordads.co
We've received your report.
Thanks for your feedback!
Seen too often
Not relevant
Offensive
Broken
Report this ad
ORIGINAL TEXT
Contribute a better translation
--------------------------------------------------------------------------------