How to create a Certificate Signing Request file (CSR) that can be cut and pasted into Certificate vendor's web site for requesting a SSL certificate:
***Non public domains like .local will no longer receive certificates from CAs. See the link below for more information.***
A CSR file is used by a third party Certificate vendor to create a certificate with the information provided. The command line below will create the certreq.csr and corecakey.pem file in the directory that the amtprovmgr2 executable resides. The CSR file that is generated will be 2048 bits.
Change directory to: Program Files\LANDesk\ManagementSuite\amtprov
Execute with the following command changing the values to match your company
.\AMTProvMgr2.exe -domainName landesk.com -country US -state "Utah" -city "Salt Lake City" -organization "LANDesk Software Inc."
Note: -domainName should be your LDMS Core's FQDN.
-organization does not depict the Organization Unit of the CSR. AMTProvMgr2.exe will set the Organization Unit to "Intel(R) Client Setup Certificate" This is the value that is needed when the certificate is created or the zero touch provisioning will fail.
Before sending the CSR to the vendor there are web sites that can be used to decode the file such as CSR Decoder or openssl (found on the core in the .\LANDesk\Shared Files\Keys directory) commands to validate the file:
openssl req -in certreq.csr -noout -text
The command above run on LANDesk 8.8 SP4 and LDMS 9.0 would result in:
Common Name: Landesk.com
Organization Unit: Intel(R) Client Setup Certificate
Locality: Salt Lake City
Key Size: 2048 bit
Once the CSR file has been created and verified the certificate vendor can be contacted and following the steps provided by them to complete the purchase.
Let the Certificate vendor know that this cert will be used with Intel vPro Provisioning.
Be sure to keep a copy of the corecakey.pem file as this is required in order to utilize the Certificate sent to you from the Vendor.