Request a certificate for Message Connector using Microsoft Active Directory Certificate Services
In this example, Microsoft Active Directory Certificate Services is used to generate a certificate for Message Connector, and OpenSSL is used to extract the private key and certificate. Review the following requirements and tips.
- Microsoft Certification Services
  - The server must be configured for HTTPS binding (https://[CAName]/certsrv/).
  - The server must be configured to archive the key.
  - Create a template that allows the private key to be exported.
- OpenSSL is used for
  - Exporting a decrypted private key
  - Creating a PKCS#12 file
1. Use Microsoft Certification Services to request a certificate:
   a. Use a web browser to connect to the CA server (https://CAName/certsrv).
   b. Click Request a certificate.
   c. Click advanced certificate request.
   d. Click Create and submit a request to this CA.
   e. Fill out the form, select the correct Certificate Template, and select Mark keys as exportable. Enter the correct Message Connector server name in the Name field (for a Windows Failover Cluster configuration, use the name of the clustered MC service).
   f. Click Submit. Wait until the certificate is issued.
   g. Click Install this certificate. Wait until the certificate is installed.
2. Use Internet Explorer to export the certificate:
   a. Go to Tools > Internet Options > Content > Certificates > Personal tab.
   b. Select your certificate and click Export.
   c. Select to export the private key. Select PKCS #12 as the format.
   d. Type a password to protect the key.
   e. Specify the location and file name. Click Finish.
3. Use OpenSSL to extract the private key and the certificate to .pem format. For example:
   openssl.exe pkcs12 -in "c:\certif.pfx" -out "c:\certif.pem" -nodes
   Provide the password used in step 2d. The -nodes option writes the private key to the .pem file unencrypted, so restrict access to that file.
   a. Open the .pem file in a text editor. In the file, you will find the certificate and private key needed for configuring Message Connector. See Configure SSL connection.
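
As an alternative to picking the blocks out by hand in a text editor, the following added example (not part of the product documentation) splits the .pem file written by the OpenSSL command above into the private key and the certificates, reports whether the key is unencrypted, and selects the certificate whose subject CN is the Message Connector server name. The function names, the server name mc01.example.test and the sample text are assumptions constructed for illustration.

```python
import re

# One PEM block; the label tells certificates and keys apart.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def split_pkcs12_pem(text):
    """Split `openssl pkcs12 ... -nodes` output into key and certificates."""
    out = {"private_key": None, "key_encrypted": False, "certificates": []}
    pos = 0
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        preamble, pos = text[pos:m.start()], m.end()  # "Bag Attributes" text
        pem = m.group(0).replace("\r\n", "\n") + "\n"
        if label == "CERTIFICATE":
            subj = re.search(r"^subject=\s*(.*)$", preamble, re.MULTILINE)
            out["certificates"].append(
                {"subject": subj.group(1).strip() if subj else None, "pem": pem})
        elif label.endswith("PRIVATE KEY"):
            out["private_key"] = pem
            # Without -nodes, openssl writes the key as an encrypted block.
            out["key_encrypted"] = (label == "ENCRYPTED PRIVATE KEY"
                                    or "Proc-Type: 4,ENCRYPTED" in body)
    if out["private_key"] is None:
        raise ValueError("no private key found; was it marked exportable?")
    return out

def server_certificate(certs, server_name):
    """Return the certificate whose subject CN equals server_name, else None."""
    want = re.compile(r"(?<![A-Za-z])CN=%s(?:[,/+]|$)" % re.escape(server_name), re.I)
    for cert in certs:
        if want.search(re.sub(r"\s*=\s*", "=", cert["subject"] or "")):
            return cert
    return None

# Constructed sample; the base64 bodies are placeholders, not key material.
SAMPLE = """Bag Attributes
subject=/DC=test/DC=example/CN=example-CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
Bag Attributes
subject=CN = mc01.example.test
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTUM=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
"""
```

When the exported file also contains CA certificates, matching on the subject CN keeps the issuing CA's certificate from being pasted into the Message Connector configuration by mistake.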