Prepare the domain controller certificate request

A domain controller certificate signed by a FortiAuthenticator must be enrolled into the domain controller before you can configure the domain user smart card logon. You need to include information from the current domain controller (DNS, GUID, and so on) in the certificate request file to generate the domain controller certificate.

A VBScript, ReqDCCert.vbs, is located in Appendix A. You can use this script to generate associated files automatically.

To use this script
  1. Copy this file to a folder on the domain controller server.

  2. Open Windows PowerShell as an Administrator.

  3. Enter the command:

    cscript reqdccert.vbs FTK300 E

    where:

    • FTK300 is the template name created in the previous steps.

    • E must be included to add the GUID.

    • Server files that start with the name of the DC will be created in the same folder.

    Figure 1: Example of files created

    In the file list above, WIN-URHHR09LI24 is the domain controller name.

  4. Use Notepad to open one of the INF files.

  5. Add the following line to the [NewRequest] section:

    Subject = "CN=vm-lab.vm-eb.com"

    where vm-lab.vm-eb.com is the Domain Name of the DC in this example. Change this for your domain name.

  6. Use the following command on the DC server to create the certificate request:

    certreq -new WIN-URHHR09LI24.inf WIN-URHHR09LI24.req

    where WIN-URHHR09LI24 is the name of the file in this example. Change this for your file name.

A Certificate Signing Request will be generated in the same folder.
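
Steps 4 to 6 can also be scripted and the resulting request checked before it is submitted for signing. The following PowerShell is an added example, not part of ReqDCCert.vbs or the original guide; it uses the file name and domain name from this page as defaults and assumes English-language certutil output.

```powershell
# Added example: performs steps 4-6 on one INF file created by ReqDCCert.vbs.
# Default values are this page's examples; change them for your environment.
param(
    [string]$InfPath = '.\WIN-URHHR09LI24.inf',
    [string]$DcFqdn  = 'vm-lab.vm-eb.com'
)
$ErrorActionPreference = 'Stop'

$reqPath = [System.IO.Path]::ChangeExtension($InfPath, '.req')
if (Test-Path -LiteralPath $reqPath) { throw "$reqPath already exists; remove it first." }

# Locate the [NewRequest] section header.
$lines = @(Get-Content -LiteralPath $InfPath)
$start = -1
for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i].Trim() -ieq '[NewRequest]') { $start = $i; break }
}
if ($start -lt 0) { throw "No [NewRequest] section found in $InfPath" }

# Check whether the section already carries a Subject line (stop at the next section).
$hasSubject = $false
for ($i = $start + 1; $i -lt $lines.Count -and $lines[$i] -notmatch '^\s*\[.+\]\s*$'; $i++) {
    if ($lines[$i] -match '^\s*Subject\s*=') { $hasSubject = $true }
}

if (-not $hasSubject) {
    # Keep a copy of the generated INF, then insert the Subject line after the header.
    Copy-Item -LiteralPath $InfPath -Destination "$InfPath.bak"
    $new = @($lines[0..$start]) + ('Subject = "CN={0}"' -f $DcFqdn)
    if ($start + 1 -lt $lines.Count) { $new += $lines[($start + 1)..($lines.Count - 1)] }
    Set-Content -LiteralPath $InfPath -Value $new
}

# Step 6: create the certificate request.
certreq -new $InfPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Dump the request and show the lines that carry the subject, DNS name and GUID,
# so they can be compared with the domain controller's real values.
$dump = certutil -dump $reqPath
$dump | Select-String -Pattern 'CN=', 'DNS Name', 'Guid'
if (-not ($dump -match [regex]::Escape("CN=$DcFqdn"))) {
    Write-Warning "Subject CN=$DcFqdn was not found in $reqPath"
}
```

Run it from the folder that holds the INF files, in the same elevated PowerShell session used for step 3.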