• Home
  • |
  • Blog
  • |
  • How To Create A CSR For The SCOM Certificate?
Create a CSR for the SCOM Certificate

Infra teams know how SCOM is important for them. SCOM has made their life easier by providing them centralized management of workstations and servers. To centrally manage the servers and workstations from the SCOM, all those devices will have to report to the SCOM server. SCOM can manage the machines connected to the domain using the default Kerberos protocol over the ports 5723 & 5724. But, all the devices are not part of the same domain. Or, may not be joined to any domains. In such cases, SCOM manages the untrusted or workgroup clients using digital certificates. IT admin should create a CSR on the workgroup computers and submit it to the CA server to get a SCOM certificate for the workgroup computers. Let’s share the procedure how to create a CSR for the SCOM certificate.

How To Create A CSR For The SCOM Certificate?

Time needed: 5 minutes.

to create a CSR in a Windows server?

  1. Open MMC in Windows server

    Hit Win + R to open the Run utility
    Type mmc in the box.
    Press Ok.
    Open mmc in Windows Server

  2. Add Certificate Snap-in

    Go to File > Add/Remove Snap-in..Add Certificate Snap-in

  3. Select Certificates and press Add

    Certificate Snap-in

  4. Select the User or Computer Certificate snap-in

    Select the snap-in which you want to create the certificate. For demonstration we are choosing Compute account.
    Click Next.
    Select Computer account

  5. Select Local Computer

    Select local computer as you are going to create CSR on the same computer.
    Click Finish.Select Local Computer

  6. Select Certificate (Local Computer) and click Ok

    Select Local Computer snap-in

  7. Create Custom Request

    Access your MMC snap in > right click the Personal folder.
    Select All Tasks > Advanced Operations > Create Custom Request.

  8. CSR generation wizard

    The CSR generation wizard will open > Click Next.CSR generation wizard

  9. Proceed Active Directory enrollment policy

    Select the option to Active Directory enrollment policy > Click Next.

    Active Directory enrollment policy

  10. Click Next at the PKCS # 10 window.


    Active Directory enrollment policy

  11. Edit Active Directory enrollment policy Properties

    From the Details drop-down menu > Click Properties.

    Edit Active Directory enrollment policy Properties

  12. General settings in certificate properties
    Give a friendly name as you need.

    Give a name

  13. Add the subject name and alternate subject name in the subject setting of the certificate properties:

    Access the Subject tab > in the Subject name: select the types from the dropdown list and add the values required for your CSR.

    Example:
    CN
    = <Comptername.corp.du.ae>
    DNS = <Computername>

    subject name and alternate subject name in the subject setting of the certificate properties

  14. Key usage Extension settings in certificate properties:

    Expand the ‘key usage‘ under the Extension properties.
    Add ‘Digital Signature‘ & ‘Key encipherment

    Key usage ertificate properties

  15. Extended Key usage Extension settings in certificate properties:

    Expand the ‘ Extended key usage‘ under the Extension properties.
    Add ‘Server Authentication‘ & ‘Client Authentication

    Extended Key usage Extension settings in certificate properties

  16. Cryptographic service provider settings in certificate properties
    Expand ‘Cryptographic service provider’
    Select ‘Microsoft Enhanced Cryptographic Provider’

    Cryptographic service provider settings in certificate properties

  17. Set Private Key settings in certificate properties

    Select Key size: 2048 and check the option to Make private key exportable > Click OK.

    Set Private Key settings in certificate properties

  18. Save the CSR file to a location.

    Select Base 64 and Click Next > Click Browse.Save CSR file

  19. Select a location to save the CSR file. Enter a name for the file and click Save.

    Chose location to save CSR file

  20. Click Finish.

    Fisish

  21. The CSR file will be present at the location you saved it and can be used to request the SSL certificate as needed.


    A typical CSR file will look like this.

    CSR sample file

You can request a SCOM certificate by submitting the CSR to your certificate authority and get a signed digital certificate for your workgroup computer.

Thanks for reading this post. We believe we have answered the question ‘How to create a CSR for the SCOM certificate?‘ in this post.

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.