Skip to main content
Skip table of contents

Export Microsoft CA / SubCA certificate from Certification Authority for renewing Veridium CA

Using a new CA certificate into Veridium Service require the usage of a pkcs12/pem/.p12 certificate.

Newly exported certificate will allow customer to use his own proprietary CA certificate in the network components or devices located between WAN and Veridium Servers.

All new devices certificates issued during the smartphone, workstations enrollment and authentication will use the updated certificate provided by the customer from his infrastructure.

Once the steps from this guide are performed, checking exported certificate should provide below features:

X509v3 Basic Constraints: critical
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication

Steps to obtain certificate from CA or SubCA

  1. Connect with enterprise domain administrator rights to any of the trusted and online CA’s of the domain

    1. When online CA isn’t available, any of the trusted subCA’s of domain must be used.

  2. Open Certification Authority (certsrv.msc) from the domain controller

  3. Connect to CA or Subordinate CA’s

  4. Select CA or Sub CA → right click → All Tasks → Back up CA

    1. Press Next

    2. Select Private Key and CA certificate

    3. Select location folder where the certificate will be saved

    4. Press next

    5. Create a new strong password and press next

    6. Press finish to complete the process

    7. Certificate is available now to be imported into computer certificate store for later export of pkcs12 certificate

    8. This operation requires opening certlm.msc - Trusted Certification Authorities

    9. Idendify your CA or SubCA certificate → select it-> Right click → All Tasks → Export

    10. Press Next

    11. Select Base-64 x509 (.CER)

    12. Choose your export folder location and give a name for the file → Save

    13. Next

    14. Newly created certificate will be available for import

    15. Open certlm.msc → Personal Certificate store and import your certificate

    16. Select your certificate → Right Click → Export

    17. Select → Yes, export the private key

    18. Confirm PKCS12 information which will be included in the certificate → Press Next

    19. Assign a strong password and choose encryption AES256-SHA256 to your certificate then → Next

    20. Save the file by giving it a name → Next → Finish

    21. Communicate to Veridium team the new certificate and password to be imported into Veridium Servers

    22. Next steps will be performed on Veridium Servers and should be defined if not existent into other security devices of customer network ( such as import in F5/Netscaler etc)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.