Chad McGreanor's Blog

Engineers Notebook

Create Standalone Certificate request for #Lync/TMG 2010 Reverse Proxy

Posted by Chad McGreanor on July 6, 2011

Below are the steps to create a standalone certificate request from the TMG 2010 server in order to generate a CSR for a Public CA.

    1. Open the Certificate MMC.
    2. Expand Personal > Certificates.
    3. Right-click Certificates, then choose All Tasks > Advanced Operations > Create Custom Request.
    4. Select Next.
    5. Select Proceed without enrollment policy.
    6. Select (No template) Legacy key.
    7. Select Properties.
    8. Enter a friendly name.
    9. On the Subject tab, enter the Common Name and Alternative names.
    10. On the Extensions tab, under Key usage, choose Digital signature and Key encipherment.
    11. Under Extended Key Usage, choose Server Authentication and Client Authentication.
    12. On the Private Key tab, under Key options, set the key size to 2048 and select the option to make the private key exportable.
    13. Under Key type, choose Exchange and ensure that the key size above is still set to 2048.
    14. Select OK, choose a path to save the request, provide the CSR to a public CA, and then import the issued certificate into the Personal store.
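
The same request can be scripted with certreq.exe, followed by a check that the CSR really carries a 2048-bit key before it goes to the CA. This is an added example, not part of the original post; the host names, file names, the computer-store setting and the SChannel provider are assumptions, and the key-length check assumes English certutil output.

```powershell
# Added example. Host names and file names are placeholders (assumptions).
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=lync.example.com"
FriendlyName = "Lync reverse proxy"
RequestType = PKCS10
; KeySpec 1 = AT_KEYEXCHANGE, the wizard's Key type "Exchange"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
; Assumption: the request is created in the computer store
MachineKeySet = TRUE
; 0xa0 = Digital Signature (0x80) + Key Encipherment (0x20)
KeyUsage = 0xa0
; Assumption: SChannel legacy CSP; the post does not name a provider
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[EnhancedKeyUsageExtension]
; Server Authentication, then Client Authentication
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2

[Extensions]
; Subject Alternative Name entries
2.5.29.17 = "{text}"
_continue_ = "dns=lync.example.com&"
_continue_ = "dns=meet.example.com&"
'@
Set-Content -Path .\tmg-request.inf -Value $inf -Encoding ASCII

# Generate the key pair and write the PKCS#10 request
certreq.exe -new .\tmg-request.inf .\tmg-request.req
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Read the key length back out of the CSR before submitting it
$dump = certutil.exe -dump .\tmg-request.req
$hit = $dump | Select-String -Pattern 'Public Key Length:\s*(\d+)' | Select-Object -First 1
if (-not $hit) { throw "Could not find the public key length in the certutil output" }
$bits = [int]$hit.Matches[0].Groups[1].Value
if ($bits -ne 2048) { throw "CSR key is $bits bits, expected 2048; do not submit it" }
"CSR key length: $bits bits"
```

Run it from an elevated prompt on the TMG server; the key-length check on its own also works against a request file saved from the wizard.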

6 Responses to “Create Standalone Certificate request for #Lync/TMG 2010 Reverse Proxy”

  1. Rasmus said

    Great post, exactly what I needed.
    I submitted the CSR and got a CRT file back – only it didn’t contain the private key, so now I have a cert with the correct SANs but no private key.
    Could you add to this post how to import the CA’s generated certificate?

    Thank you.

  2. Rasmus said

    Never mind, I must have done something wrong the first time I tried. The second time, the certificate response from the CA could be imported by right-clicking the “Personal” folder in the Certificates snap-in and selecting Import. Once again thanks for a good guide.

  3. Nick said

    I love you!!!! I have been looking for this for weeks!!

  4. Hi Chad,
    Great article. One thing: I am trying to generate a CSR for Comodo and I keep getting an error saying “This CSR uses an unsupported key size!” even though I am selecting 2048, which is supported by Comodo. Would you have any ideas?

    • Chad McGreanor said

      Sorry I do not. I use GoDaddy for all certificates.

    • Rasmus said

      Patrick: I experienced that the Key size is reset to 1024 bits when changing Key Type to Exchange. You may be running into the same problem. Check that it is still 2048 bits before clicking OK.
