This topic contains 2 replies, has 2 voices, and was last updated by
February 15, 2016 at 7:02 pm #35287ParticipantTopics: 2Replies: 2Points: 0Rank: Member
I am trying to use the xExchange resource, however it requires a credentials to work. I tried to duplicate the Workstation Auth template. I don't think I configured it correctly. Does anyone have detailed configuration for the template so I can correct issue a certificate that will work?
I also tried making a self-signed and it was giving me issues as well.
I ran this first one from a PowerShell book about DSC, but it returned an error saying the -eku was not correct.
makecert -r -pe -n "CN=Exch01.contoso.local" -eku 18.104.22.168.22.214.171.124.2 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv Exch01.pvk Exch01.cer
Encryption certificates must contain the Data Encipherment or Key Encipherment key usage, and include the
Document Encryption Enhanced Key Usage (126.96.36.199.4.1.311.80.1).
I created a new cert using the -eku from the error and that didn't work either, same error as above.
makecert -r -pe -n "CN=Exch01.contoso.local" -eku 188.8.131.52.4.1.311.80.1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv Exch01.pvk Exch01.cer
February 16, 2016 at 2:09 am #35293ParticipantTopics: 2Replies: 2Points: 0Rank: Member
I actually got it to work today, it was the configdata format that was causing issues. Finally was able to use a certificate from the CA. There isn't much modification required after duplicating the template!
November 1, 2016 at 12:55 pm #56584ParticipantTopics: 21Replies: 43Points: 2Rank: Member
Could you be more specific on how you were able to create a template for the DSC encryption certificate?
The steps needed?
The topic ‘Help with DSC AD CA Template’ is closed to new replies.