IT Consultant Everyday Notes

Just some problems/solutions storage

Monthly Archives: June 2015

Lync: Request certificate for Reverse Proxy

First of all, Microsoft has an article for that.

But, the article did not work for me – Entrust needed additional fields (like Country, Locality) filled and for some reasons all my CSRs had 1024 key request even though I put 2048 in MMC Wizard.

Finally I decided to do it old way, via .inf file and certreq tool.

here is .inf file I created:

SNAGHTML4b3b961

Note: the CSR requests SHA-1 certificate. Microsoft supports SHA-1 until 2017. You can tweak it to request SHA-2 cert.

PKI: How to clean faulty Certificate Request

I recently needed to update an Entrust certificate on my Lync Reverser Proxy. Lync does not have a Wizard to generate CSR so I used Microsoft KB https://technet.microsoft.com/en-us/library/gg429704(v=ocs.15).aspx to generate it. Unfortunately KB does not say you need to add Country, Locality and other information and CSR generated failed on Entrust. I added information, but in this case CSR failed because of key length – it has 1024 even though I put 2048. so I end up with several faulty CSRs. How to clean them out? Google search brought me some powershell scripts. Looked a bit too complex. Finally I found an answer on ExpertExchange.

You can basically use certificates MMC (local machine store) and delete unwaneted CSRs there. After that remove CSR files from location where you saved them.

SNAGHTML4a65622