Generate a CSR from Windows Server using the certificate MMC
Generate a CSR from Windows Server using the certificate MMC
Certificate MMC access
- Run the MMC either from the start menu or via the run tool accessible fom the WIN+R shortcut.
- Click on File - Add/Remove Snap-in.
- Select Certificats in the left panel and click on Add.
- In the new window, click on Computer Account.
- Select Local Computer then click on Finish.
- Complete the adding dialog by clicking OK.
Request generation
- In the certificate management console, select in the folder tree Certificates - Personnal - Certificates. In the certificate list, in the central panel, right click then select All Tasks - Advanced Operations - Create Custom Request.
- In the new windows, select Proceed without enrollment policy under Custom Request then click Next.
- Select (No Template) CNG Key as the template and PKCS #10 as the request format. Then, click Next.
- Develop the details by clicking the arrow and click on Properties.
- In the properties window, in the tab General, enter a Friendly Name that will be displayed in your certificate management interfaces and optionally, a description.
- In the Subject tab, in the Subject Name box, add the attributes to be added to the certificate, then click on Add to add them to the request.
- A standard certificate will generally contain the CN, O, L, ST, and C fields.
- In the Private Key tab, you can choose the CSP, the key formats, and its options.
- For a RSA key, we recommend a key size of 2048bits. We also reocomment the SHA256 hash algorithm for the CSR signature.
- You can also generate ECC keys using this tool. Attention, you will need to sign your CSR using SHA256.
- Once the properties dialog has been completed, you can resume the CSR generation and finish the request after having chosen a file name and directory. It is important to choose the Base 64 format.
Additional Links
SOURCE: https://www.tbs-certificates.co.uk/FAQ/en/windows-csr-mmc.html