Generate a Certificate Signing Request (CSR)
- Log in as an administrator
- From a command prompt or the run menu:
- To create the certificate in the local machine store (recommended):
- Type mmc
- On the File menu, click Add/Remove Snap-in. Click Certificates in the left pane, then click Add.
- Select Computer Account, then click Next.
- Select Local Computer, then click Finish.
- Click OK.
- To create the certificate in the local machine store (recommended):
- In the left pane expand Certificates (Local Computer), expand Personal, then click Certificates.
- On the Action menu, click All Tasks, then click Advanced Operations, then click Create Custom Request.
- Click Next.
- Select Proceed without enrollment policy. Click Next.
- In the Template menu, select (No template) CNG key, and verify that Suppress default extensions is not selected. (Note: Some software may not be compatible with CNG keys.
- Under Request Format, select PKCS #10. Click Next.
- Click the arrow next to Details to expand the selection. Click Properties.
- On the General tab, provide a Friendly name and Description for the certificate. These can be anything you want.
- On the Subject tab, in the Subject name box:
- In the Type menu, select Common name.
- In the Type menu, select Organiza
tion. - In the Type menu, select Organizational Unit.
- In the Type menu, select Street Address.
- In the Type menu, select City.
- In the Type menu, select State.
- In the Type menu, select Country.
- (Optional) If you want to restrict how this certificate can be used, you can select the appropriate options under Key usage and Extended Key Usage on the Extensions tab.
- On the Private Key tab, expand Cryptographic Service Provider. Select RSA, Microsoft Software Key Storage Provider. Make sure no other options are selected.
- On the Private Key tab, expand Key Options.
- In the Key size menu, select a value of at least 2048.
- Select Make private key exportable.
- Click OK.
- Click Next.
- Choose a file name and location for the CSR. Select Base 64. Click Finish.
For more detailed information and how to add a SAN, check out the Microsoft Technet page below.