Tags for this FAQ item:
IIS 6 IIS 7 IIS 8 IIS 8.5 Microsoft Windows Server 2003 Windows Server 2008 Windows Server 2012 Windows Server 2012 R2

To what extent has this article answered your question?

Rated 3 stars, based on 3 votes

Microsoft IIS - Generate SSL certificate request (CSR) with certreq

Last updated: 14/01/2016

Certreq.exe is a command-line utility included on Windows Servers. It allows you to quickly generate a certificate request (CSR) without having to use Windows's laborious GUI.

Open a text editor and paste the text below in the file:

;--- request.inf ---

Signature="$Windows NT$"

; Replace Country with the 2-letter ISO code for your country
; Replace State with your state or province, without abbreviation
; Replace City with your city
; Replace Organization with your company
; Replace Organization_Unit with your department, or remove OU=Organizational_Unit entirely
; Replace www.example.com with the hostname you're requesting a certificate for
; For a wildcard SSL certificate, this would be *.example.com
Subject = "CN=www.example.com, OU=Organizational_Unit, O=Organization, L=City, S=State, C=Country"
; Key Exchange - for encryption
KeySpec = 1  
; 2048 bits minimum, 3072 or 4096 are valid too
KeyLength = 2048
; Needed if you need to export the certificate to another server
Exportable = TRUE
; Indicates a server certificate, not a user certificate
MachineKeySet = TRUE
SMIME = False
UserProtected = FALSE
; Generate a new private key
UseExistingKeySet = FALSE
; RSA key
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"

ProviderType = 12
; Standard of CSR's
RequestType = PKCS10
; Digital signatures and encryption
KeyUsage = 0xa0

; Server authentication


Generate your CSR with the following command:

C:\>certreq -new request.inf request.csr

Open the .csr file, and copy its contents in Kinamo's CSR application form, including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines.

The .cer file you receive from the Certificate Authority can easily be installed by saving the file on the server you generated the CSR on, for instance as cert.cer, and by executing the following command at the prompt:

C:\>certreq -accept cert.cer