Generate a CSR in Windows

Background

In some situations it may be necessary to create a Certificate-Signing Request within Windows. There are many different ways to create a CSR within Windows but the tool outlined on this page is bundled with Windows and doesn’t require any additional software.

Steps

  • Open notepad
  • Paste in the contents below and save as certificate-request.inf
  • Replace CountryCode, CompanyName and domain.com with the correct information

[Version]
Signature=”$Windows NT$”

[NewRequest]
Subject = “C=CountryCode, O=CompanyName, CN=domain.com

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = “Microsoft RSA SChannel Cryptographic Provider”
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

  • Open a command prompt window
  • Issue the following command to create the CSR

certreq -new certificate-request.inf certificate-request.csr

  • Open the CSR file in notepad. The contents within this file is the CSR that needs to be provided to the Certificate Authority.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.