Microsoft IIS - Generate SSL certificate request (CSR) with certreq

Last updated on 28 Sep 2023, 10:32:39.
Category: All about SSL certificates | SSL configuration

IIS 6, IIS 7, IIS 8, IIS 8.5, Microsoft Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2

What is certreq?

Certreq.exe is a command-line utility included with Windows Server. It lets you quickly generate a certificate request (CSR) without having to use the laborious Windows GUI.

Creating a config file

Open a text editor, paste the text below into a new file, and save it as request.inf:

;--- request.inf ---

[Version]
Signature="$Windows NT$"

[NewRequest]
; Replace Country with the 2-letter ISO code for your country
; Replace State with your state or province, without abbreviation
; Replace City with your city
; Replace Organization with your company
; Replace Organizational_Unit with your department, or remove OU=Organizational_Unit entirely
; Replace www.example.com with the hostname you're requesting a certificate for
; For a wildcard SSL certificate, this would be *.example.com
Subject = "CN=www.example.com, OU=Organizational_Unit, O=Organization, L=City, S=State, C=Country"
; 1 = Key Exchange - the key can be used for encryption
KeySpec = 1
; 2048 bits minimum, 3072 or 4096 are valid too
KeyLength = 2048
; Marks the private key as exportable; only needed if you have to move the certificate to another server
Exportable = TRUE
; Store the key in the machine store: a server certificate, not a user certificate
MachineKeySet = TRUE
SMIME = FALSE
UserProtected = FALSE
; Generate a new private key
UseExistingKeySet = FALSE
; RSA key
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
; PKCS #10 is the standard format for CSRs
RequestType = PKCS10
; Digital signature (0x80) + key encipherment (0x20)
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
; Server authentication
OID=1.3.6.1.5.5.7.3.1

;------------------------------
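
The settings in this file can be reviewed before the key is generated. The following is an added example, not part of the original article or of Kinamo's tooling: a small Python linter for the request.inf format that decodes KeyUsage and flags settings worth a second look. The function names, the finding messages and the SAMPLE_INF text are assumptions made for illustration.

```python
KEY_USAGE_BITS = {0x80: "digitalSignature", 0x40: "nonRepudiation",
                  0x20: "keyEncipherment", 0x10: "dataEncipherment",
                  0x08: "keyAgreement", 0x04: "keyCertSign", 0x02: "cRLSign"}
SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"

# Constructed sample: the main settings of the request.inf above, comments dropped.
SAMPLE_INF = """[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=www.example.com, O=Organization, L=City, S=State, C=Country"
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
"""

def parse_inf(text):
    """Return {section: {key: [values]}}, names lower-cased; ';' starts a comment."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip().strip('"'))
    return sections

def decode_key_usage(value):
    """Turn a KeyUsage value such as 0xa0 into the key-usage bit names it sets."""
    return [name for bit, name in KEY_USAGE_BITS.items() if int(value, 16) & bit]

def lint_request(text):
    """Return review findings for the settings the article's INF file uses."""
    inf = parse_inf(text)
    req = {k: v[-1] for k, v in inf.get("newrequest", {}).items()}
    findings = []
    if int(req.get("keylength", "0")) < 2048:
        findings.append("KeyLength missing or below 2048 bits")
    if req.get("exportable", "").upper() == "TRUE":
        findings.append("Exportable = TRUE: private key can leave this server")
    if req.get("machinekeyset", "").upper() != "TRUE":
        findings.append("MachineKeySet not TRUE: key is not in the machine store")
    if int(req.get("keyusage", "0"), 16) & ~0xA0:
        findings.append("KeyUsage sets bits beyond signature + key encipherment")
    if SERVER_AUTH_OID not in inf.get("enhancedkeyusageextension", {}).get("oid", []):
        findings.append("Server authentication EKU missing")
    return findings
```

Run against the settings shown above, the only finding is the Exportable note, which is expected when the certificate has to be moved to another server.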

Generate a certificate request

Generate your CSR with the following command:

C:\>certreq -new request.inf request.csr

Open the .csr file and copy its contents into Kinamo's CSR application form, including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines.

Install an SSL certificate with certreq

To install the .cer file you receive from the Certificate Authority, save it on the server you generated the CSR on (the matching private key is stored there), for instance as cert.cer, and execute the following command at the prompt:

C:\>certreq -accept cert.cer
