It is sometimes necessary to issue a wildcard certificate from your internal Microsoft CA. I had such a
requirement this week and thought it would make a nice blog post.
The post assumes you have an Enterprise CA already deployed and a web server template deployed
and available for enrolment.
First we need to create the certificate request that will be submitted to your CA.
1. Log on to a Windows 2008 R2 or Windows 7 domain member
2. Open the Certificates MMC snap-in
6. In the Certificate Enrollment Page select Custom Request > Proceed without enrolment Policy and
then select Next
7. In the Custom Request Page select (No template) Legacy Key from the drop down and then select
Next
8. On the Certificate Information Page select the Details link, then select the Properties button
9. On the General tab complete the Friendly name field and optionally you can add a description for
the certificate.
10. Select the Subject tab and fill in the relevant information as described below
Field                 Value           Description
Common Name           *.contoso.com
Organizational Unit   IT
Organization          Contoso Corp    for.
Location              Seattle
State                 WA
Country               US
13. On the Private Key tab set the key size to 4096 and select the option Make private key exportable.
That's the certificate request file done, which was nice and easy even though there were a number of
steps. We next need to use this request to generate the rest of the certificate on the CA.
21. Open the previously created request file in Notepad and copy all the data in it to the clipboard.
22. Paste the clipboard into the Saved Request box
23. Select the web server template
24. Click submit
25. You might get a popup box asking for confirmation, select yes
When the CA has done its job it will offer you the ability to download the certificate
26. Select Base 64 and select Download certificate
Now check the certificate store; you should see a valid certificate with a private key.
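
The same request, issuance and final store check scripted with certreq.exe, as an added example that is not part of the original post. Assumptions: the template's internal name is WebServer, the request is created in the computer store from an elevated prompt, the Microsoft RSA SChannel provider stands in for the "Legacy Key" choice, and the file names and friendly name are placeholders.

```powershell
# Added example: command-line equivalent of the MMC and web enrolment steps.
# Assumed (not from the post): template name "WebServer", computer store,
# file names, friendly name. Run from an elevated PowerShell prompt.

# Request definition: subject fields and key settings from steps 10 and 13.
# Single-quoted here-string so "$Windows NT$" is not expanded by PowerShell.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=*.contoso.com, OU=IT, O=Contoso Corp, L=Seattle, S=WA, C=US"
FriendlyName = "Contoso wildcard"
KeyLength = 4096
Exportable = TRUE
MachineKeySet = TRUE
KeySpec = 1
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
'@
Set-Content -Path .\wildcard.inf -Value $inf -Encoding ASCII

# Generate the key pair and the PKCS#10 request file.
certreq.exe -new .\wildcard.inf .\wildcard.req

# Submit to the CA against the web server template. Without -config,
# certreq shows a dialog to pick the CA.
certreq.exe -submit -attrib "CertificateTemplate:WebServer" .\wildcard.req .\wildcard.cer

# Install the issued certificate and bind it to the pending private key.
certreq.exe -accept .\wildcard.cer

# Final check: the wildcard certificate is in the store with a private key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject.StartsWith('CN=*.contoso.com') } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
```

HasPrivateKey should read True for the new certificate; if it reads False, the certificate was installed on a machine or in a store other than the one that generated the request.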