Menu
AWS CloudHSM
User Guide

Windows Server CA Step 3: Sign a Certificate Signing Request (CSR) with Your Windows Server CA with AWS CloudHSM

You can use your Windows Server CA with AWS CloudHSM to sign a certificate signing request (CSR). To complete these steps, you need a valid CSR. You can create a CSR in several ways, including the following:

  • Using OpenSSL

  • Using the Windows Server Internet Information Services (IIS) Manager

  • Using the certificates snap-in in the Microsoft Management Console

  • Using the certreq command line utility on Windows

The steps for creating a CSR are outside the scope of this tutorial. When you have a CSR, you can sign it with your Windows Server CA.

To sign a CSR with your Windows Server CA

  1. If you haven't already done so, connect to your Windows server. For more information, see Connect to Your Instance in the Amazon EC2 User Guide for Windows Instances.

  2. On your Windows server, start Server Manager.

  3. In the Server Manager dashboard, in the top right corner, choose Tools, Certification Authority.

  4. In the Certification Authority window, choose your computer name.

  5. From the Action menu, choose All Tasks, Submit new request.

  6. Select your CSR file, and then choose Open.

  7. In the Certification Authority window, double-click Pending Requests.

  8. Select the pending request. Then, from the Action menu, choose All Tasks, Issue.

  9. In the Certification Authority window, double-click Issued Requests to view the signed certificate.

  10. (Optional) To export the signed certificate to a file, complete the following steps:

    1. In the Certification Authority window, double-click the certificate.

    2. Choose the Details tab, and then choose Copy to File.

    3. Follow the instructions in the Certificate Export Wizard.

You now have a Windows Server CA with AWS CloudHSM, and a valid certificate signed by the Windows Server CA.