Topics Map > Security
Topics Map > Infrastructure > Virtual Machines
Topics Map > Communication & Collaboration > Website Services > Microsoft IIS

How do I generate a CSR from Windows using the certificate MMC Certificate MMC access?

How to Generate a CSR from Windows using the certificate MMC Certificate MMC access

Generate a CSR from Windows using the certificate MMC Certificate MMC access


1. Run the MMC either from the start menu or via the run tool accessible from the WIN+R shortcut.

open MMC


2. Click on File - Add/Remove Snap-in.
Add Snaping

3. Select Certificates in the left panel and click on Add.

select certificates in MMC

4. In the new window, click on Computer Account.

Click Computer Account

5. Select Local Computer then click on Finish.
Select Local Computer

6. Complete the adding dialog by clicking OK.

Click OK

Request CSR generation


1. In the certificate management console, select in the folder tree Certificates - Personal - Certificates. In the certificate list, in the central panel, right click then select All Tasks - Advanced Operations - Create Custom Request.
Create Custom Request

2. In the new windows, select Proceed without enrollment policy under Custom Request then click Next.
Create Custom Request


3. Select (No Template) CNG Key as the template and PKCS #10 as the request format. Then, click Next.
Select No Template


4. Develop the details by clicking the down arrow and click on Properties.
Click on Properties

5. In the properties window, in the tab General, enter a Friendly Name that will be displayed in your certificate management interfaces and optionally, a description.
Enter Friendly Name

6. In the Subject tab, in the Subject Name box, add the attributes to be added to the certificate, then click on Add to add them to the request. The six types are needed, and details are in the following link: https://accc.uic.edu/answer/how-do-i-obtain-ssl-certificate
Add subject name attributes


7. A standard certificate will generally contain the CN, O, OU, L, S, and C fields.

NOTE: If you’re making a certificate that you intend to be valid for multiple domains or hostnames, enter the Subject Alternative Names as a DNS type in the Alternative Name’s box. For example, if you’re creating a certificate that should be valid for host1.server.uic.edu and host1.ahs.uic.edu, enter host1.ahs.uic.edu as an Alternative Name.

Add necessary attributes

8. In the Private Key tab, click on the down arrow of Key options. For a RSA key, we recommend a key size of 2048bits. We also recommend the SHA256 hash algorithm for the CSR signature. Note: Check "make private key exportable" box to be able to export the key.
Add Private Key Options


9. Once the properties dialog has been completed, you can resume the CSR generation and finish the request after having chosen a file name and directory. It is important to choose the Base 64 format.

save CSR

10. Follow the instructions to email a CSR to certmgr@uic.edu : https://accc.uic.edu/answer/how-do-i-obtain-ssl-certificate

NOTE: The above process involves purchasing an SSL certificate from Webstore as a unit purchase and, including in the email to certmgr, the generated .req file along with the hostname(s) of the machine you’re generating the certificate for (not the machine it was generated on) and what platform this certificate is for (e.g. apache). For our case, saying it’s for IIS seems to work.


11. You should receive an email from certmgr that contains links to download your completed certificate in several formats. Be sure to download the certificate in the PKCS#7 Base64 encoded format and copy it to an easy to remember location on the machine you generated the request from.

12. Open up a command prompt as admin (search for cmd and right click on the icon that is displayed and select “run as administrator”.)

13. Next, navigate to the location where you downloaded your certificate and type “certreq -accept ” without quotations. Export the certificate from the Windows MMC console

Export the certificate from the Windows MMC console


Note: After completing the CSR process, you can export the certificate and send it to ACCC so that it can be applied to your domain name managed by ACCC. Follow the same steps of Certificate MMC access to open the certificate service console from mmc.

1. Click the plus sign next to Certificates in the left pane.

Find Certificate to export

2. Click the plus sign next to the Personal folder and click on the Certificates folder. Right-click on the certificate you would like to export and select All Tasks and then Export...
Export certificate

3. In the Certificate Export Wizard click Next.
click Next

4. Choose "Yes, export the private key" and click Next.
click next

5. Click the checkbox next to "Include all certificates in the certification path if possible" and click Next.
Click Next

6. Enter and confirm a password. This password will be needed whenever the certificate is imported to another server.
Add Password

7. Click Browse and find a location to save the .pfx file to. Type in a name such as "mydomain.pfx" and then click Next.
Enter Filename

8. Click Finish. The .pfx file containing the certificates and the private key is now saved to the location you specified.
Click finish


9. Once the certificate has been exported, please send  the certificate and password as a PEAR message to whoever is working on your ticket to have it applied to your site/server/software (https://accc.uic.edu/answer/how-do-i-send-files-securely-others-university). Alternatively, the certificate can be hosted on a less secure platform, such as box, provided the password is sent via a more secure channel (e.g. phone, text, PEAR, etc.)



Keywords:CSR, Request, Certificate, SSL   Doc ID:91333
Owner:Scott R.Group:University of Illinois at Chicago ACCC
Created:2019-04-25 11:49 CDTUpdated:2019-09-18 15:48 CDT
Sites:University of Illinois at Chicago ACCC
Feedback:  3   1