Generate CSR with MMC

Generate CSR with MMC
Generate CSR with MMC

There are many ways to generate a CSR (Certificate Signing Request) one of them is with IIS. What if you don’t have IIS or you want to be stubborn and not use IIS at all? In this post I will detail step-by-step how to generate a CSR using MMC (Microsoft Management Console).

  • Open MMC
  • Add the Certificates Snap-in
  • Select Computer account and click Next.
  • Select Local computer and click Finish.
  • Click OK
  • Expand out Certificates (Local Computer)
  • Right Click Personal and Select All Tasks > Advanced Operations > Create Custom Request
  • Click Next
  • Select Proceed without enrollment policy and click Next.
  • Select Template (No template) Legacy key and click Next.

Technically you could select the (No template) CNG key however I’ve found that (No template) Legacy key has been much more compatible.

  • Expand Details and click on Properties
  • Give it a Friendly Name for your certificate.
  • Click on Subject and populate the following fields:
    • Common Name (what the SSL certificate will be generated for) this is listed as CN
    • Country (2 letter country code) this is listed as C (the country where the business resides in)
    • Locality (City) this is listed as L (the city where the business resides in)
    • Organization this is listed as O (usually the business name)
    • Organizational Unit this is listed as OU (which department the certificate will be used by. I typically just use IT for it.)
    • Sate (or Province) this is listed as S (the full Sate or Province where the business resides in. No abbreviations.)

Those are usually the bare minimum requirements for most SSL vendors, some CAs (Certificate Authorities) may need more if they do they should list what other information they need.

  • Click on Private Key and expand Key options.
  • Change the Key size to 2048 or higher if needed and select Make private key exportable.
  • Click Apply and then Click OK.
  • Click Next
  • Select a location to save the CSR by clicking Browse.
  • Click Finish to generate your CSR

You have now generated your CSR. You can provide the CSR to your SSL vendor or CA.

When you get the completed SSL certificate from your SSL vendor or CA you must complete it on the same computer you generated the CSR on. After that you can export the certificate and use it on any other systems.

Leave a comment

Your email address will not be published. Required fields are marked *