Creating custom certificate requests - Genetec Mission Control™ 2.13.3.0

Genetec Mission Control™ Deployment Guide 2.13.3.0

series
Genetec Mission Control™ 2.13.3.0
revised_modified
2020-07-15

If you choose to integrate third-party certificates into RabbitMQ, you must make a certificate signing request (CSR).

Procedure

To request a certificate signing request (CSR) file:

  1. Open Windows Console:
    1. In the Windows search box, type Run.
    2. In the Run dialog box, type mmc.exe.
      The Console window opens.
  2. Open the Add/Remove Snap-in task by selecting File > Add/Remove Snap-in.
  3. Add certificates from the Available snap-ins list to the Selected snap-ins list:
    1. Select the required certificates.
    2. Click Add.
    3. In the Certificates snap-in dialog box, select Computer account and click Next.
    4. Select Local computer and click Finish.
      You are directed back to the Add or Remove Snap-ins window.
  4. Click OK.
    Certificates (Local Computer) is added under Console Root in the Console window.

To enroll the certificates:

  1. In the Console window, expand the newly added Certificates entry.
  2. Navigate to Certificates (Local Computer) > Personal > Certificates.
  3. Right-click the Certificates folder and select All Tasks > Advanced Operations > Create Custom Request.
    The Certificate Enrollment window opens.
  4. Click Next.
  5. Select Proceed without enrollment policy and click Next.
  6. Select the following parameters and then click Next:
    • From the Template list, select (No template) Legacy key.
    • Select PKCS#10 for Request format.
    The Certificate Enrollment dialog box shows the certificate information.
  7. Expand the Details and then click Properties.
  8. In the Certificate properties dialog box, click the Subject tab and enter the following details:
    • From the Type list, select Common name.
    • In the Value field, enter <YourServerName>.<YourCompanyDomain.com>.
    IMPORTANT: The common name you enter must match the fully qualified domain name of the server. For example, if the hostname of your server is Server1 and your domain is MyCompany.com, then the fully qualified domain name of your server would be Server1.MyCompany.com.
  9. Click the Extensions tab and perform the following actions:
    1. Expand Key usage and add the following options to the Selected options list:
      • Digital Signature
      • Key agreement
    2. Expand Extend key usage (application policies) and add the following to the Selected options list:
      • Server Authentication
      • Client Authentication
  10. Click the Private Key tab and set the following properties:
    1. Expand Key type and select Exchange.
    2. Expand Key options, set Key size to 2048, and select Make private key exportable.
    3. Expand Cryptographic Service Provider and select Microsoft RSA SChannel Cryptographic Provider (Encryption).
      This is the last option on the list.
  11. Click Apply and then click OK.
  12. In the Certificate Enrollment dialog box, click Next, and save your certificate request:
    1. Select a name and destination for your file.
    2. Choose Base 64 for the File format.
  13. Click Finish.
    Your request file is saved in the .csr format.

After you finish

  • Send your request file to your IT department or external certificate authority for processing.
  • After the certificate has been generated, you can import it and apply it to your server.