Windows Server CA step 3: Sign a certificate signing request (CSR) with your Windows Server CA with AWS CloudHSM
You can use your Windows Server CA with AWS CloudHSM to sign a certificate signing request (CSR). To complete these steps, you need a valid CSR. You can create a CSR in several ways, including the following:
-
Using OpenSSL
-
Using the Windows Server Internet Information Services (IIS) Manager
-
Using the certificates snap-in in the Microsoft Management Console
-
Using the certreq command line utility on Windows
The steps for creating a CSR are outside the scope of this tutorial. When you have a CSR, you can sign it with your Windows Server CA.
To sign a CSR with your Windows Server CA
-
If you haven't already done so, connect to your Windows server. For more information, see Connect to Your Instance in the Amazon EC2 User Guide for Windows Instances.
-
On your Windows server, start Server Manager.
-
In the Server Manager dashboard, in the top right corner, choose Tools, Certification Authority.
-
In the Certification Authority window, choose your computer name.
-
From the Action menu, choose All Tasks, Submit new request.
-
Select your CSR file, and then choose Open.
-
In the Certification Authority window, double-click Pending Requests.
-
Select the pending request. Then, from the Action menu, choose All Tasks, Issue.
-
In the Certification Authority window, double-click Issued Requests to view the signed certificate.
-
(Optional) To export the signed certificate to a file, complete the following steps:
-
In the Certification Authority window, double-click the certificate.
-
Choose the Details tab, and then choose Copy to File.
-
Follow the instructions in the Certificate Export Wizard.
-
You now have a Windows Server CA with AWS CloudHSM, and a valid certificate signed by the Windows Server CA.