MachPower:~ tperfitt$ /Applications/Certificate\ Request.app/Contents/Resources/tcscertrequest
tcscertrequest -s <server dns name> -c <name of ca> -t <template name> [-r <csr path>] [-k <path_to_keychain>] [-y] [-m <yubikey_management_key] [-s <yubikey slot]
tcscertrequest is a command line tool to send a certificate request via RPCs to a Microsoft certificate authority.
Options:
-r <csr path> Path to certificate signing request in binary (DER) format. Can use "openssl req -nodes -newkey rsa:2048 -keyout domain.key -out domain.csr -subj '/CN=computername' -outform der" command to generate.
-g <Common Name> Generate CSR with Common Name. Certificate will be generated with RSA 2048 bits SHA512
-n <label> Label in keychain for imported identity
-s <server path> CA Server DNS name.
-c <name of ca> Name of the certificate authority. This is not the server name but the name used in the Common Name of the issuing authority.
-k <path to keychain> keychain to store certificate and private key. Stores in user keychain if not specified.
-y generate key in Yubikey. Requires slot (-l) and management key (-m)
-l <Yubikey slot> Specify yubikey slot. For example, 9a. Requires -y.
-m Yubikey management key. PIN not supported. Must use full management key. Requires -y.
-t <template name> Name of the template to use when signing the certificate. Common template names include User or Machine.
-v Verbose output
Comments (0)
HTTPSSSH
You can clone a snippet to your computer for local editing.
Learn more.