All about SSL certificates

All about SSL certificates

Microsoft IIS - Generate SSL certificate request (CSR) with certreq

Last updated on 28 Sep 2023, 10:32:39.
Category: All about SSL certificates | SSL configuration

II 6 II 7 II 8 IIS 8.5 Microsoft Windows server 2003 Windows server 2008 Windows server 2012 Windows server 2012 R2

What is certreq?

Certreq.exe is a command-line utility included on Windows Servers. It allows you to quickly generate a certificate request (CSR) without having to use Windows's laborious GUI.

Creating a config file

Open a text editor and paste the text below in the file:

;--- request.inf ---

[Version]
Signature="$Windows NT$"

[NewRequest]
; Replace Country with the 2-letter ISO code for your country
; Replace State with your state or province, without abbreviation
; Replace City with your city
; Replace Organization with your company
; Replace Organization_Unit with your department, or remove OU=Organizational_Unit entirely
; Replace www.example.com with the hostname you're requesting a certificate for
; For a wildcard SSL certificate, this would be *.example.com
Subject = "CN=www.example.com, OU=Organizational_Unit, O=Organization, L=City, S=State, C=Country"
; Key Exchange - for encryption
KeySpec = 1 
; 2048 bits minimum, 3072 or 4096 are valid too
KeyLength = 2048
; Needed if you need to export the certificate to another server
Exportable = TRUE
; Indicates a server certificate, not a user certificate
MachineKeySet = TRUE
SMIME = False
UserProtected = FALSE
; Generate a new private key
UseExistingKeySet = FALSE
; RSA key
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"

ProviderType = 12
; Standard of CSR's
RequestType = PKCS10
; Digital signatures and encryption
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
; Server authentication
OID=1.3.6.1.5.5.7.3.1

;------------------------------

Generate a certificate request

Generate your CSR with the following command:

C:\>certreq -new request.inf request.csr

Open the .csr file, and copy its contents in Kinamo's CSR application form, including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines.

Install an SSL certificate with certreq

The .cer file you receive from the Certificate Authority can easily be installed by saving the file on the server you generated the CSR on, for instance as cert.cer, and by executing the following command at the prompt:

C:\>certreq -accept cert.cer

Related articles

Kinamo mail server settings (mail server cheat sheet)

The following article provides the basic settings and server names (domain names) for the Kinamo mail infrastructure. These settings allow...

Read more

Create an automatic SPAM filter in the Kinamo Webmail

This article explains how you may create a filter that will automatically place SPAM messages in a special folder, so...

Read more

Order an SSL certificate? What is an SSL certificate?

You need to order an SSL certificate? But what is an SSL certificate? And why is everyone saying that it...

Read more

Need extra help?

Were not all your questions answered?
Don't worry, we will be happy to help you via a support request!

Select your language

All languages: