How To: Create a CSR File for Ordering a Certificate for vPro Provisioning

Version 19

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    How to create a Certificate Signing Request file (CSR) that can be cut and pasted into Certificate vendor's web site for requesting a SSL certificate:


    ***Non public domains like .local will no longer receive certificates from CAs. See the link below for more information.***

    Global changes in legislation regarding SAN SSL Certificates


    A CSR file is used by a third party Certificate vendor to create a certificate with the information provided.  The command line below will create the certreq.csr and corecakey.pem file in the directory that the amtprovmgr2 executable resides.  The CSR file that is generated will be 2048 bits. 


    Change directory to: Program Files\LANDesk\ManagementSuite\amtprov

    Execute with the following command changing the values to match your company

    .\AMTProvMgr2.exe -domainName -country US -state "Utah" -city "Salt Lake City" -organization "LANDesk Software Inc."


    Note: -domainName should be your LDMS Core's FQDN.

             -organization does not depict the Organization Unit of the CSR. AMTProvMgr2.exe will set the Organization Unit to "Intel(R) Client Setup Certificate" This is the value that is needed when the certificate is created or the zero touch provisioning will fail.


    Before sending the CSR to the vendor there are web sites that can be used to decode the file such as CSR Decoder  or openssl (found on the core in the .\LANDesk\Shared Files\Keys directory) commands to validate the file:

    OPENSSL.exe command:

    openssl req -in certreq.csr -noout -text


    The command above run on LANDesk 8.8 SP4 and LDMS 9.0 would result in:


    CSR Information:
    Common Name:

    Organization: Landesk

    Organization Unit: Intel(R) Client Setup Certificate

    Locality: Salt Lake City

    State: Utah

    Country: US

    Key Size: 2048 bit


    Once the CSR file has been created and verified the certificate vendor can be contacted and following the steps provided by them to complete the purchase.



    Let the Certificate vendor know that this cert will be used with Intel vPro Provisioning.


    Be sure to keep a copy of the corecakey.pem file as this is required in order to utilize the Certificate sent to you from the Vendor.