Help with DSC AD CA Template

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Bjørn Roalkvam Bjørn Roalkvam 1 month, 1 week ago.

  • Author
    Posts
  • #35287
    Profile photo of John Plate
    John Plate
    Participant

    Hello,

    I am trying to use the xExchange resource, however it requires a credentials to work. I tried to duplicate the Workstation Auth template. I don't think I configured it correctly. Does anyone have detailed configuration for the template so I can correct issue a certificate that will work?

    P.S.
    I also tried making a self-signed and it was giving me issues as well.
    I ran this first one from a PowerShell book about DSC, but it returned an error saying the -eku was not correct.

    makecert -r -pe -n "CN=Exch01.contoso.local" -eku 1.3.6.1.5.5.7.3.2 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv Exch01.pvk Exch01.cer

    Encryption certificates must contain the Data Encipherment or Key Encipherment key usage, and include the
    Document Encryption Enhanced Key Usage (1.3.6.1.4.1.311.80.1).

    I created a new cert using the -eku from the error and that didn't work either, same error as above.

    makecert -r -pe -n "CN=Exch01.contoso.local" -eku 1.3.6.1.4.1.311.80.1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv Exch01.pvk Exch01.cer

  • #35293
    Profile photo of John Plate
    John Plate
    Participant

    I actually got it to work today, it was the configdata format that was causing issues. Finally was able to use a certificate from the CA. There isn't much modification required after duplicating the template!

  • #56584
    Profile photo of Bjørn Roalkvam
    Bjørn Roalkvam
    Participant

    Hi John,

    Could you be more specific on how you were able to create a template for the DSC encryption certificate?
    The steps needed?

    brgs

    Bjørn

You must be logged in to reply to this topic.