Generate a CSR from Windows Server using the certificate MMC

Generate a CSR from Windows Server using the certificate MMC

Generate a CSR from Windows Server using the certificate MMC

Certificate MMC access

  • Run the MMC either from the start menu or via the run tool accessible fom the WIN+R shortcut.
    Opening the MMC
  • Click on File - Add/Remove Snap-in.
    Adding a Snap-in
  • Select Certificats in the left panel and click on Add.
    Adding the certificate Snap-in
  • In the new window, click on Computer Account.
    Selecting Computer Account
  • Select Local Computer then click on Finish.
    Selecting the Local Computer
  • Complete the adding dialog by clicking OK.

Request generation

  • In the certificate management console, select in the folder tree Certificates - Personnal - Certificates. In the certificate list, in the central panel, right click then select All Tasks - Advanced Operations - Create Custom Request.
  • In the new windows, select Proceed without enrollment policy under Custom Request then click Next.
  • Select (No Template) CNG Key as the template and PKCS #10 as the request format. Then, click Next.
  • Develop the details by clicking the arrow and click on Properties.
  • In the properties window, in the tab General, enter a Friendly Name that will be displayed in your certificate management interfaces and optionally, a description.
  • In the Subject tab, in the Subject Name box, add the attributes to be added to the certificate, then click on Add to add them to the request.
  • A standard certificate will generally contain the CN, O, L, ST, and C fields.
  • In the Private Key tab, you can choose the CSP, the key formats, and its options.
  • For a RSA key, we recommend a key size of 2048bits. We also reocomment the SHA256 hash algorithm for the CSR signature.
  • You can also generate ECC keys using this tool. Attention, you will need to sign your CSR using SHA256.
  • Once the properties dialog has been completed, you can resume the CSR generation and finish the request after having chosen a file name and directory. It is important to choose the Base 64 format.

Additional Links

SOURCE: https://www.tbs-certificates.co.uk/FAQ/en/windows-csr-mmc.html

Comments are closed.