How do I generate a CSR from Windows using the certificate MMC?
Certificate MMC access
1. Run the MMC either from the start menu or via the run tool accessible from the WIN+R shortcut.
2. Click on File - Add/Remove Snap-in.
3. Select Certificates in the left panel and click on Add.
4. In the new window, click on Computer Account.
5. Select Local Computer then click on Finish.
6. Complete the adding dialog by clicking OK.
Request CSR generation
1. In the certificate management console, select in the folder tree Certificates - Personal - Certificates. In the certificate list, in the central panel, right click then select All Tasks - Advanced Operations - Create Custom Request.
2. In the new window, select Proceed without enrollment policy under Custom Request then click Next.
3. Select (No Template) CNG Key as the template and PKCS #10 as the request format. Then, click Next.
4. Expand the details by clicking the down arrow and click on Properties.
5. In the properties window, in the tab General, enter a Friendly Name that will be displayed in your certificate management interfaces and optionally, a description.
6. In the Subject tab, in the Subject Name box, enter each attribute to be included in the certificate, then click on Add to add it to the request. All six types are needed; details are at the following link: https://accc.uic.edu/answer/how-do-i-obtain-ssl-certificate
7. A standard certificate will generally contain the CN, O, OU, L, S, and C fields.
NOTE: If you’re making a certificate that you intend to be valid for multiple domains or hostnames, enter the Subject Alternative Names as a DNS type in the Alternative Name box. For example, if you’re creating a certificate that should be valid for host1.server.uic.edu and host1.ahs.uic.edu, enter host1.ahs.uic.edu as an Alternative Name.
8. In the Private Key tab, click on the down arrow of Key options. For an RSA key, we recommend a key size of 2048 bits. We also recommend the SHA256 hash algorithm for the CSR signature. Note: Check the "Make private key exportable" box to be able to export the key.
9. Once the properties dialog has been completed, you can resume the CSR generation and finish the request after having chosen a file name and directory. It is important to choose the Base 64 format.
10. Follow the instructions to email a CSR to email@example.com: https://accc.uic.edu/answer/how-do-i-obtain-ssl-certificate
NOTE: The above process involves purchasing an SSL certificate from Webstore as a unit purchase and, including in the email to certmgr, the generated .req file along with the hostname(s) of the machine you’re generating the certificate for (not the machine it was generated on) and what platform this certificate is for (e.g. apache). For our case, saying it’s for IIS seems to work.
11. You should receive an email from certmgr that contains links to download your completed certificate in several formats. Be sure to download the certificate in the PKCS#7 Base64 encoded format and copy it to an easy to remember location on the machine you generated the request from.
12. Open up a command prompt as admin (search for cmd, right click on the icon that is displayed and select “Run as administrator”).
13. Next, navigate to the location where you downloaded your certificate and type “certreq -accept ” without quotations.
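The request steps above can also be scripted with certreq and an INF file, which makes the key size, hash and Subject Alternative Names reviewable before anything is sent. This is an added example, not part of the original article; the file names, working directory and every subject value other than the two hostnames from the note are constructed placeholders.

```powershell
# Scripted equivalent of the MMC request steps; run from an elevated PowerShell prompt.
# Working directory and file names are assumptions made for this example.
$ErrorActionPreference = 'Stop'
$work = Join-Path $env:TEMP 'csr-example'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work 'request.inf'
$req = Join-Path $work 'host1.req'

@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=host1.server.uic.edu, OU=Example Unit, O=Example Organization, L=Example City, S=Example State, C=US"
FriendlyName = "host1 web server certificate"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = SHA256
ProviderName = "Microsoft Software Key Storage Provider"
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10

[Extensions]
; Subject Alternative Name. The primary hostname is repeated here (an assumption of this example).
2.5.29.17 = "{text}"
_continue_ = "dns=host1.server.uic.edu&"
_continue_ = "dns=host1.ahs.uic.edu&"
'@ | Set-Content -Path $inf -Encoding ASCII

# Creates the key pair in the Local Computer store and writes a Base64 PKCS #10 request.
certreq.exe -new $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Review what will be sent: key length, signature hash, subject and SAN entries.
# The match patterns assume English certutil output.
certutil.exe -dump $req | Select-String -Pattern 'Public Key Length', 'sha256', 'CN=', 'DNS Name='

# Once the signed certificate arrives, the certreq -accept command from step 13 is run
# against the downloaded file, e.g. certreq.exe -accept <downloaded-certificate-file> (placeholder).
```

Exportable = TRUE mirrors the "Make private key exportable" option in step 8; set it to FALSE when the key never needs to leave the machine that generated it.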
Export the certificate from the Windows MMC console