Friday, October 16, 2015

Generate a Certificate Signing Request (CSR) without IIS

Generate a Certificate Signing Request (CSR)

  1. Log in as an administrator
  2. From a command prompt or the run menu:
    1. To create the certificate in the local machine store (recommended):
      1. Type mmc
      2. On the File menu, click Add/Remove Snap-in.  Click Certificates in the left pane, then click Add.  
      3. Select Computer Account, then click Next.
      4. Select Local Computer, then click Finish.  
      5. Click OK.  
  3. In the left pane expand Certificates (Local Computer), expand  Personal, then click Certificates.  
  4. On the Action menu, click All Tasks, then click Advanced Operations, then click Create Custom Request.
  5. Click Next.
  6. Select Proceed without enrollment policy.  Click Next.
  7. In the Template menu, select (No template) CNG key, and verify that Suppress default extensions is not selected.  (Note:  Some software may not be compatible with CNG keys.
  8. Under Request Format, select PKCS #10.  Click Next.  
  9. Click the arrow next to Details to expand the selection.  Click Properties.  
  10. On the General tab, provide a Friendly name and Description for the certificate.  These can be anything you want.  
  11. On the Subject tab, in the Subject name box:
    1. In the Type menuselect Common name
    2. In the Type menuselect Organization.
    3. In the Type menu, select Organizational Unit.
    4. In the Type menu, select Street Address.
    5. In the Type menu, select City.
    6. In the Type menuselect State.
    7. In the Type menuselect Country.
  12. (Optional) If you want to restrict how this certificate can be used, you can select the appropriate options under Key usage and Extended Key Usage on the Extensions tab.  
  13. On the Private Key tab, expand Cryptographic Service Provider.  Select RSA, Microsoft Software Key Storage Provider.  Make sure no other options are selected. 
  14. On the Private Key tab, expand Key Options.  
  15. In the Key size menu, select a value of at least 2048.  
  16. Select Make private key exportable.
  17. Click OK.
  18. Click Next.
  19. Choose a file name and location for the CSR.  Select Base 64.  Click Finish

For more detailed information and how to add a SAN, check out the Microsoft Technet page below.

How to Request a Certificate With a Custom Subject Alternative Name

https://technet.microsoft.com/en-us/library/ff625722%28v=ws.10%29.aspx