How do I generate a CSR from Windows using the certificate MMC Certificate MMC access?
Generate a CSR from Windows using the certificate MMC Certificate MMC access
1.Run the MMC either from the start menu or via the run tool accessible from the WIN+R shortcut.
2.Click on File - Add/Remove Snap-in.
3.Select Certificates in the left panel and click on Add.
4.In the new window, click on Computer Account.
5.Select Local Computer then click on Finish.
6.Complete the adding dialog by clicking OK.
Request CSR generation
1.In the certificate management console, select in the folder tree Certificates - Personal - Certificates. In the certificate list, in the central panel, right click then select All Tasks - Advanced Operations - Create Custom Request.
2.In the new windows, select Proceed without enrollment policy under Custom Request then click Next.
3.Select (No Template) CNG Key as the template and PKCS #10 as the request format. Then, click Next.
4.Develop the details by clicking the down arrow and click on Properties.
5.In the properties window, in the tab General, enter a Friendly Name that will be displayed in your certificate management interfaces and optionally, a description.
6.In the Subject tab, in the Subject Name box, add the attributes to be added to the certificate, then click on Add to add them to the request. The six types are needed, and details are found at How do I obtain a TLS or SSL certificate?
7.A standard certificate will generally contain the CN, O, OU, L, S, and C fields.
NOTE: If you’re making a certificate that you intend to be valid for multiple domains or hostnames, enter the Subject Alternative Names as a DNS type in the Alternative Name’s box. For example, if you’re creating a certificate that should be valid for host1.server.uic.edu and host1.ahs.uic.edu, enter host1.ahs.uic.edu as an Alternative Name.
8.In the Private Key tab, click on the down arrow of Key options. For an RSA key, we recommend a key size of 2048bits. We also recommend the SHA256 hash algorithm for the CSR signature. Note: Check "make private key exportable" box to be able to export the key.
9.Once the properties dialog has been completed, you can resume the CSR generation and finish the request after having chosen a file name and directory. It is important to choose the Base 64 format.
10.Follow the instructions at How do I obtain a TLS or SSL certificate?
11.You will receive an email that contains links to download your completed certificate in several formats. Be sure to download the certificate in the PKCS#7 Base64 encoded format and copy it to an easy to remember location on the machine you generated the request from.
12.Open up a command prompt as admin (search for cmd and right click on the icon that is displayed and select “run as administrator”.)
13.Next, navigate to the location where you downloaded your certificate and type “certreq -accept ” without quotations. Export the certificate from the Windows MMC console
Export the certificate from the Windows MMC console
Note: After completing the CSR process, you can export the certificate and send it to Technology Solutions so that it can be applied to your domain name managed by Technology Solutions. Follow the same steps of Certificate MMC access to open the certificate service console from mmc.
1.Click the plus sign next to Certificates in the left pane.
2.Click the plus sign next to the Personal folder and click on the Certificates folder. Right-click on the certificate you would like to export and select All Tasks and then Export...
3.In the Certificate Export Wizard click Next.
4.Choose "Yes, export the private key" and click Next.
5.Click the checkbox next to "Include all certificates in the certification path if possible" and click Next.
6.Enter and confirm a password. This password will be needed whenever the certificate is imported to another server.
7.Click Browse and find a location to save the .pfx file to. Type in a name such as "mydomain.pfx" and then click Next.
8.Click Finish. The .pfx file containing the certificates and the private key is now saved to the location you specified.
9.Once the certificate has been exported, please send the certificate and password as a PEAR message to whoever is working on your ticket to have it applied to your site/server/software. Alternatively, the certificate can be hosted on a less secure platform, such as Box, provided the password is sent via a more secure channel (e.g. phone, text, PEAR, etc.) See How do I send files securely to others at the university?