This article is apart of Service Fabric installation topics. Check out the topic here for Install
a Secured Service Fabric with Certficates and Install a Secured Service Fabric with gMSA.
The following steps will show you how to generate a certificate with a custom option from CA server. Here I
generated a certificate with:
-
- Common name: sf.hbd.net
- Friendly name: sf.hbd.net
- Description: sf.hbd.net
- Template: Web Server
- Extensions: Server Authentication, Client Authentication
- Private Key: Exportable
I. Create Certificate Request
Open Microsoft Management Console (Start -> Run -> MMC) and then add Certificates and
Certification Authority Snap-in to Local Machine.
| 1. The Microsoft Management Console | 2. Under Certificates\Personal: Right click and select Create Custom Request. |
|---|---|
 |
 |
| 3. On the template screen, select Web Server and Request format is PKCS #10. | 4. There is a Properties button under Details section on next screen. |
|---|---|
 |
 |
Click Properties button and fulling up a few following information:
| 1. Subject | 2. General |
|---|---|
 |
 |
| Provides the CN and DNS | Provides the friendly name and description |
| 3.Extenrions (*) | 4. Key Options |
|---|---|
 |
 |
| Ensure the above Authentications are selected. | Make private key exportable |
The step 3 above is an important step which a allow users using this certification as Client authentication
to access to the servers.
Click Next and save the Certificate request to a file.
After this step, The request file is saved to the desktop folder. The next steps will show how to generate a new
certificate from that requested file.
II. Generate Certificate
-
- Right click on CA server name under Certification Authority and select Submit new request…
- Right click on CA server name under Certification Authority and select Submit new request…
| 2. Import the file have been created on previous steps. | 3. CA server will create a new cert and allows to save it back as a file. |
|---|---|
 |
 |
After this step, The certificate is saved to the desktop folder. Bellow steps are showing how to generate the
PFX file.
III. Export to PFX file.
-
- Go back to Certificates and import the Cert file from step II into Personal.
-
- The cert should be displayed as above with expected information.
-
- Exporting the certificate to a PFX file.
- Exporting the certificate to a PFX file.
-
- The cert should be displayed as above with expected information.
-
- Go back to Certificates and import the Cert file from step II into Personal.
Congratulations, You are successfully generated the certificates with custom options and exported to the PFX
files.