Knowledgebase
Microsoft Windows 2003/2008 (IIS 5.x/6.x) Print this Article
Generate Certificate Signing Request for Windows 2003/2008
This document is only for advanced users who prefer a command shell to graphical user interface.
Save the following file as request.inf on your server editing the subject according to the comment:
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"
[NewRequest]
Change to your,country code, company name and common name:
Subject = "C=US, O=Acme Safe Co, CN=store.acmesafe.com"
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
;-----------------------------------------------
Then run:
c:\>certreq -new request.inf request.csr
This will generate your csr. When submitting the csr select Microsoft IIS 5.x and 6.x REGARDLESS OF THE VERSION YOU ARE ACUTALLY RUNNING. When your certificate is issued you'll receive a file called store_acmesafe_com.cer. Save it on the server and from the same directory run:
C:\>certreq -accept store_acmesafe_com.cer
This will install the cert in the Windows certificate store and it will be available in IIS, MMC, Exchange, LDAP/Active Directory etc.
This document is only for advanced users who prefer a command shell to graphical user interface.
Save the following file as request.inf on your server editing the subject according to the comment:
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"
[NewRequest]
Change to your,country code, company name and common name:
Subject = "C=US, O=Acme Safe Co, CN=store.acmesafe.com"
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
;-----------------------------------------------
Then run:
c:\>certreq -new request.inf request.csr
This will generate your csr. When submitting the csr select Microsoft IIS 5.x and 6.x REGARDLESS OF THE VERSION YOU ARE ACUTALLY RUNNING. When your certificate is issued you'll receive a file called store_acmesafe_com.cer. Save it on the server and from the same directory run:
C:\>certreq -accept store_acmesafe_com.cer
This will install the cert in the Windows certificate store and it will be available in IIS, MMC, Exchange, LDAP/Active Directory etc.
Was this answer helpful?
Related Articles
What is CSR and who needs it?
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
Apache/OpenSSL
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver,...
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver,...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apache (Multi-Domain version)
To generate CSR file which includes more than one Fully Qualified Domain Name, you need to...
To generate CSR file which includes more than one Fully Qualified Domain Name, you need to...
Apple Mac OS X Server
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
