Last updated: 14/01/2016
Certreq.exe is a command-line utility included on Windows Servers. It allows you to quickly generate a certificate request (CSR) without having to use Windows's laborious GUI.
Open a text editor and paste the text below in the file:
;--- request.inf --- [Version] Signature="$Windows NT$" [NewRequest] ; Replace Country with the 2-letter ISO code for your country ; Replace State with your state or province, without abbreviation ; Replace City with your city ; Replace Organization with your company ; Replace Organization_Unit with your department, or remove OU=Organizational_Unit entirely ; Replace www.example.com with the hostname you're requesting a certificate for ; For a wildcard SSL certificate, this would be *.example.com Subject = "CN=www.example.com, OU=Organizational_Unit, O=Organization, L=City, S=State, C=Country" ; Key Exchange - for encryption KeySpec = 1 ; 2048 bits minimum, 3072 or 4096 are valid too KeyLength = 2048 ; Needed if you need to export the certificate to another server Exportable = TRUE ; Indicates a server certificate, not a user certificate MachineKeySet = TRUE SMIME = False UserProtected = FALSE ; Generate a new private key UseExistingKeySet = FALSE ; RSA key ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 ; Standard of CSR's RequestType = PKCS10 ; Digital signatures and encryption KeyUsage = 0xa0 [EnhancedKeyUsageExtension] ; Server authentication OID=126.96.36.199.188.8.131.52.1 ;------------------------------
Generate your CSR with the following command:
C:\>certreq -new request.inf request.csr
Open the .csr file, and copy its contents in Kinamo's CSR application form, including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines.
The .cer file you receive from the Certificate Authority can easily be installed by saving the file on the server you generated the CSR on, for instance as cert.cer, and by executing the following command at the prompt:
C:\>certreq -accept cert.cer