{"id":176,"date":"2022-07-27T16:16:00","date_gmt":"2022-07-27T14:16:00","guid":{"rendered":"https:\/\/zerobotics.de\/blog\/?p=176"},"modified":"2023-07-17T16:32:09","modified_gmt":"2023-07-17T14:32:09","slug":"erstellen-eines-microsoft-ca-certificate-templates-fuer-vsphere-6-x-7-x","status":"publish","type":"post","link":"https:\/\/zerobotics.de\/blog\/erstellen-eines-microsoft-ca-certificate-templates-fuer-vsphere-6-x-7-x\/","title":{"rendered":"Erstellen eines Microsoft CA Certificate Templates f\u00fcr vSphere 6.x\/7.x"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time<\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">Minutes<\/span><\/span>\n<p>Um in unserer Lab Umgebung sinnvoll und &#8222;VMware konform&#8220; einheitliche Zertifikate erstellen zu k\u00f6nnen, die durch eine Microsoft CA signiert sind, war es im voraus notwendig, ein Certificate Template zu erstellen.<\/p>\n\n\n\n<p>Die folgende Anleitung orientiert sich dabei am VMware KB Artikel <a href=\"https:\/\/kb.vmware.com\/s\/article\/2112009\" target=\"_blank\" rel=\"noreferrer noopener\">Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.x\/7.x<\/a><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Der erste Schritt findet im &#8222;Certificate Templates&#8220; MMC Snap-In statt. Hierzu optimalerweise per RDP auf dem Windows CA Server die <code>mmc.exe<\/code> starten und das <code>Certificate Templates Snap-In<\/code> hinzuf\u00fcgen.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"709\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/grafik-1024x709.png\" alt=\"\" class=\"wp-image-187\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/grafik-1024x709.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/grafik-300x208.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/grafik-768x532.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/grafik-624x432.png 624w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/grafik.png 1151w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>MMC Snap-In for Certificate Templates<\/figcaption><\/figure>\n\n\n\n<p>Das Web Server Template duplizieren:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"444\" height=\"166\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-17.png\" alt=\"\" class=\"wp-image-177\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-17.png 444w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-17-300x112.png 300w\" sizes=\"auto, (max-width: 444px) 100vw, 444px\" \/><figcaption>Duplicate Web Server Template<\/figcaption><\/figure>\n\n\n\n<p>Nun \u00f6ffnet sich das Properties Fenster und wir m\u00fcssen einige Einstellunge anpassen.<\/p>\n\n\n\n<p>Die Kompatibilit\u00e4t auf Windows 7 \/ Windows 2008 R2 stellen. Theoretisch geht&#8217;s auch h\u00f6her, allerdings erh\u00f6ht sich dadurch die Schema Version. Das wiederum hat zur Folge, dass es nicht mehr im Web Enrollment Interface zur Auswahl steht, da hier Templates nur bis Schema Version 2 angezeigt werden. Die tieferen Gr\u00fcnde sind mir unklar, aber nur so hat es funktioniert.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"395\" height=\"557\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-18.png\" alt=\"\" class=\"wp-image-178\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-18.png 395w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-18-213x300.png 213w\" sizes=\"auto, (max-width: 395px) 100vw, 395px\" \/><figcaption>Compatibilty set to Win 2008 R2 \/ Win 7<\/figcaption><\/figure>\n\n\n\n<p>Display\/Template Name unter <strong><code>General<\/code><\/strong> nach Wunsch setzen, in meinem Fall &#8222;VMware&#8220;:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"559\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-24.png\" alt=\"\" class=\"wp-image-185\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-24.png 400w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-24-215x300.png 215w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption>Set Template Name to VMware<\/figcaption><\/figure>\n\n\n\n<p>Unter <code><strong>Extensions &gt;&gt; Applications Policies &gt;&gt; Edit<\/strong><\/code>, dann &#8222;<code><strong>Server Authentication<\/strong><\/code>&#8220; ausw\u00e4hlen &gt;&gt; <strong><code>Remove<\/code><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"408\" height=\"614\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-20.png\" alt=\"\" class=\"wp-image-180\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-20.png 408w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-20-199x300.png 199w\" sizes=\"auto, (max-width: 408px) 100vw, 408px\" \/><figcaption>Server Authentication must be removed<\/figcaption><\/figure>\n\n\n\n<p>Weiter unter <strong><code>Extensions &gt;&gt; Basic Constraints &gt;&gt; Edit<\/code><\/strong> den Haken bei <code><strong>Enable this extension<\/strong><\/code> setzen:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"411\" height=\"565\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-22.png\" alt=\"\" class=\"wp-image-182\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-22.png 411w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-22-218x300.png 218w\" sizes=\"auto, (max-width: 411px) 100vw, 411px\" \/><figcaption>Basic Constraints &#8211; Enable this extension<\/figcaption><\/figure>\n\n\n\n<p>Auch unter <strong><code>Extensions &gt;&gt; Key Usage &gt;&gt; Edit<\/code><\/strong> den Haken bei <strong><code>Signature is proof of origin<\/code><\/strong> setzen:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"406\" height=\"721\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-19.png\" alt=\"\" class=\"wp-image-179\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-19.png 406w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-19-169x300.png 169w\" sizes=\"auto, (max-width: 406px) 100vw, 406px\" \/><figcaption>Key Usage &#8211; activate Signature is proof of origin<\/figcaption><\/figure>\n\n\n\n<p>Unter <strong><code>Subject Name<\/code><\/strong> sicherstellen, dass <strong><code>Supply in request<\/code><\/strong> aktiv ist:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-21.png\" alt=\"\" class=\"wp-image-181\" width=\"406\" height=\"568\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-21.png 406w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-21-214x300.png 214w\" sizes=\"auto, (max-width: 406px) 100vw, 406px\" \/><figcaption>Subject Name &#8211; Supply in the request<\/figcaption><\/figure>\n\n\n\n<p>Damit sind wir mit den Einstellungen durch und best\u00e4tigen mit OK.<\/p>\n\n\n\n<p>Zum Abschluss muss das Template noch im Certification Authority Snap-In per Rechtsklick auf Certificate Templates &gt;&gt; New &gt;&gt; Certificate Template to issue zu den restlichen Templates hinzugef\u00fcgt werden.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"755\" height=\"611\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-23.png\" alt=\"\" class=\"wp-image-184\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-23.png 755w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-23-300x243.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-23-624x505.png 624w\" sizes=\"auto, (max-width: 755px) 100vw, 755px\" \/><figcaption>Certificate Template to issue<\/figcaption><\/figure>\n\n\n\n<p>Die n\u00e4chsten Schritte f\u00fcr mich sehen so aus, dass ich das Template f\u00fcr alle meine Lab-Zertifikats-Signierungen verwenden m\u00f6chte. Ein erstes Beispiel habe ich mit <a href=\"https:\/\/zerobotics.de\/blog\/2022\/07\/26\/nsx-alb-avi-certificate-signing-request-csr-in-kombination-mit-microsoft-ca\/\" data-type=\"post\" data-id=\"84\">VMware NSX ALB<\/a> in einem Blog Artikel festgehalten.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time<\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">Minutes<\/span><\/span>Um in unserer Lab Umgebung sinnvoll und &bdquo;VMware konform&ldquo; einheitliche Zertifikate erstellen zu k&ouml;nnen, die durch eine Microsoft CA signiert sind, war es im voraus notwendig, ein Certificate Template zu erstellen. Die folgende Anleitung orientiert sich dabei am VMware KB Artikel Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.x\/7.x<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-176","post","type-post","status-publish","format-standard","hentry","category-vmware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts\/176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/comments?post=176"}],"version-history":[{"count":6,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts\/176\/revisions"}],"predecessor-version":[{"id":298,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts\/176\/revisions\/298"}],"wp:attachment":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/media?parent=176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/categories?post=176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/tags?post=176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}