Microsoft Active Directory LDAP (2012)

Microsoft Active Directory LDAP (2012): SSL Certificate CSR Creation

These instructions are for Microsoft Active Directory LDAP on a Windows Server 2012/2012R2.

For Microsoft Active Directory LDAP on a Windows Server 2008/2008R2 instructions, see
Microsoft Active Directory LDAP (2008): SSL Certificate CSR Creation.

If you already used the DigiCert® Certificate Utility for Windows to generate your CSR, DigiCert has already issued your SSL Certificate, and just need to use the utility to install the certificate on your Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP) Server, see Microsoft Active Directory LDAP (2012): SSL Certificate Installation.

If you already have your .pfx certificate file and just need to install it, see Microsoft AD LDAP (2012): Importing Your Certificate .pfx File into the AD DS Personal Store on the Microsoft Active Directory LDAP (2012): SSL Certificate Installation page.

Microsoft Active Directory LDAP (2012): Using the DigiCert Certificate Utility to Generate a CSR

Because Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP) server platform does not include an easy GUI method to create a CSR, we recommend that you use the DigiCert® Certificate Utility for Windows to create your CSR. For more information about this tool, see DigiCert® Certificate Utility for Windows.

After you use the utility to generate your CSR, you use it to install your SSL Certificate on your Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP) server. Next, you use the utility to export your certificate as a .pfx file. Finally, you use the Microsoft Management Console (MMC) to import the certificate into the AD DS Personal Store.

Microsoft Active Directory LDAP (2012): Using the DigiCert Certificate Utility to Generate a CSR

On your Windows 2012/2012 R2 LDAP Server, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).
Run the DigiCert® Certificate Utility for Windows.

Double-click DigiCertUtil.
In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), and then, click Create CSR.

On the Create CSR page, enter the following information:

Certificate Type:	Select SSL.

Common Name:	Enter the fully qualified domain name (i.e. www.example.com).
	You may also enter the IP address.

Subject Alternative Names:	If you are requesting a Multi-Domain (SAN) Certificate, enter any SANs that you want to include.
	(i.e. www.example.com, www.example2.com, and www.example3.net)

Organization:	Enter your company’s legally registered name (i.e. YourCompany, Inc.).

Department:	(Optional) Enter the department within your organization that you want to appear on the SSL Certificate.

City:	Enter the city where your company is legally located.

State:	In the drop-down list, select the state where your company is legally located.
	If your company is located outside the USA, you can enter the applicable name in the box.

Country:	In the drop-down list, select the country where your company is legally located.

Key Size:	In the drop-down list, select 2048.

Provider:	In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider,
	unless you have a specific cryptographic provider.

Enter CSR Details

Click Generate.

On DigiCert Certificate Utility for Windows® - Create CSR page, do one of the following, and then, click Close:

Click Copy CSR.	Copies the certificate contents to the clipboard.
	If you use this option, we recommend that you paste the CSR into a tool such as Notepad.
	If you forget and copy some other item, you still have access to the CSR, and you do not have to go back and recreate it.

Click Save to File.	Saves the CSR as a .txt file to the Windows server or workstation.
	We recommend that you use this option.

Copy CSR

Use a text editor to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and enter it into the DigiCert order form.

Note: During your DigiCert SSL Certificate ordering process, make sure that you select Microsoft IIS 8 when asked to Select Server Software. This option ensures that you receive all the required certificates for Microsoft Active Directory LDAP SSL Certificate installation (Intermediate and SSL Certificates).

Ready to Order Your Active Directory LDAP SSL Certificate
Buy Now Learn More
After you receive your SSL Certificate from DigiCert, you can install it.

See Microsoft Active Directory LDAP (2012): SSL Certificate Installation.