There are many ways to generate a CSR (Certificate Signing Request) one of them is with IIS. What if you don’t have IIS or you want to be stubborn and not use IIS at all? In this post I will detail step-by-step how to generate a CSR using MMC (Microsoft Management Console).
- Open MMC
- Add the Certificates Snap-in
- Select Computer account and click Next.
- Select Local computer and click Finish.
- Click OK
- Expand out Certificates (Local Computer)
- Right Click Personal and Select All Tasks > Advanced Operations > Create Custom Request
- Click Next
- Select Proceed without enrollment policy and click Next.
- Select Template (No template) Legacy key and click Next.
Technically you could select the (No template) CNG key however I’ve found that (No template) Legacy key has been much more compatible.
- Expand Details and click on Properties
- Give it a Friendly Name for your certificate.
- Click on Subject and populate the following fields:
- Common Name (what the SSL certificate will be generated for) this is listed as CN
- Country (2 letter country code) this is listed as C (the country where the business resides in)
- Locality (City) this is listed as L (the city where the business resides in)
- Organization this is listed as O (usually the business name)
- Organizational Unit this is listed as OU (which department the certificate will be used by. I typically just use IT for it.)
- State (or Province) this is listed as S (the full State or Province where the business resides in. No abbreviations.)
Those are usually the bare minimum requirements for most SSL vendors, some CAs (Certificate Authorities) may need more if they do they should list what other information they need.
- Click on Private Key and expand Key options.
- Change the Key size to 2048 or higher if needed and select Make private key exportable.
- Click Apply and then Click OK.
- Click Next
- Select a location to save the CSR by clicking Browse.
- Click Finish to generate your CSR
You have now generated your CSR. You can provide the CSR to your SSL vendor or CA.
When you get the certificate from your SSL vendor or CA you must complete it on the same computer you generated the CSR on. My post Complete a CSR details all the steps needed to complete the CSR.
After that you can export the certificate and use it on any other systems. My post Exporting a Certificate with MMC details all the steps needed to export the completed certificate to a PFX file and my post Installing a PFX Certificate in Windows details all the steps needed to install the certificate on another Windows system.