IT Consultant Everyday Notes

Just some problems/solutions storage

Monthly Archives: June 2015

Lync: Request certificate for Reverse Proxy

First of all, Microsoft has an article for that.

But, the article did not work for me – Entrust needed additional fields (like Country, Locality) filled and for some reasons all my CSRs had 1024 key request even though I put 2048 in MMC Wizard.

Finally I decided to do it old way, via .inf file and certreq tool.

here is .inf file I created:


Note: the CSR requests SHA-1 certificate. Microsoft supports SHA-1 until 2017. You can tweak it to request SHA-2 cert.


PKI: How to clean faulty Certificate Request

I recently needed to update an Entrust certificate on my Lync Reverser Proxy. Lync does not have a Wizard to generate CSR so I used Microsoft KB to generate it. Unfortunately KB does not say you need to add Country, Locality and other information and CSR generated failed on Entrust. I added information, but in this case CSR failed because of key length – it has 1024 even though I put 2048. so I end up with several faulty CSRs. How to clean them out? Google search brought me some powershell scripts. Looked a bit too complex. Finally I found an answer on ExpertExchange.

You can basically use certificates MMC (local machine store) and delete unwaneted CSRs there. After that remove CSR files from location where you saved them.