Let’s face it, using IIS or the computer certs MMC for generating a CSR is a pain. Well, there is no way around it, creating a CSR is a pain no matter what. But I always have a difficult time remembering to get everything filled out correctly using the certificate MMC snap-in, so I use a command line and INF file. Yeah yeah…
For more specifics see: https://technet.microsoft.com/library/cc725793.aspx
But here is the condensed version:
- Create a file called request.inf (the reality is that it can be any file name.)
- Put the contents of the example at the end of this post in it. I have added comments describing what should/can be changed
- Once you have the file, you need to generate the CSR: certreq -new -machine c:\source\request.inf c:\source\request.req
Then take that to a 3rd party provider. Once they have authorized it, you need to re-import it.
Now, for those that don’t know, a certificate file is just a text file: rename it to .txt and open it, and it will look just like a CSR.
Many 3rd party SSL vendors just give you the text. So simply paste the string, from the ===== to the end of the ====, into a file and rename the file to .cer
- Then import the certificate back into the computer: certreq -accept -machine c:\source\cert.cer
Done. See, easy.
So here is the request.inf file example:
[Version]
Signature="$Windows NT$"
[NewRequest]
;For federation, the Subject Name should be URL.Domain.Com, for example adfs.mydomain.com. Remember that it cannot be the same name as the federation server, so having a server called ADFS will not work.
;Depending on the provider, you may need more information
;C=2 Letter Country Code
;ST=State, usually spelled out
;L=City
;O=Company
;OU=Department
;CN=Server Name, and you would never actually put a real server name in public DNS would you?
Subject = "C=US, ST=California, L=San Jose, O=family, OU=Spouse, CN=alias.mydomain.com"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE ; generally I leave this true. Even if you set it to false, there are ways to get around it. And with a UC cert, you need to easily export it and move it around
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0 ; 0x80 Digital Signature + 0x20 Key Encipherment
HashingAlgorithm = SHA256
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
[RequestAttributes]
; Here is where you enter the SAN information; if you don't need a SAN entry, just comment it out
; The enterpriseregistration name is specifically for ADFS https://technet.microsoft.com/en-us/library/dn383662.aspx
SAN="DNS=enterpriseregistration.mydomain.com&DNS=somethingelse.mydomain.com&IPaddress=127.0.0.1"
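
A pre-flight check for request.inf before running certreq -new, as an added example that is not part of the original post: it flags curly quotes picked up by copy and paste, a Subject without a CN, a short key and a weak or unset hash. The function name Test-RequestInf, the sample lines and the thresholds are assumptions made for this example.

```powershell
# Added example (not from the original post). Test-RequestInf is a hypothetical
# helper; the thresholds are assumptions, adjust them to your own policy.
function Test-RequestInf {
    param([string[]]$Lines)
    $findings = @()
    $settings = @{}          # key lookups are case-insensitive
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # Curly quotes and primes pasted from a web page or Word are not
        # treated as quotation marks in an INF file.
        if ($line -match '[\u2018\u2019\u201C\u201D\u2033]') {
            $findings += "line ${n}: curly quote found, retype it as a straight quote"
        }
        $code = ($line -split ';', 2)[0].Trim()      # drop ; comments
        if ($code -match '^(\w+)\s*=\s*(.+)$') {
            $settings[$Matches[1]] = $Matches[2].Trim().Trim('"')
        }
    }
    if ($settings['Subject'] -notmatch 'CN=') {
        $findings += 'Subject is missing or has no CN= component'
    }
    if (($settings['KeyLength'] -as [int]) -lt 2048) {
        $findings += 'KeyLength is missing or below 2048'
    }
    if ($settings['HashingAlgorithm'] -notmatch '^SHA(256|384|512)$') {
        $findings += 'HashingAlgorithm is not set to SHA256 or stronger'
    }
    if ($settings['Exportable'] -eq 'TRUE') {
        # Advisory only, does not block the request.
        Write-Warning 'Exportable = TRUE: the private key will be exportable, confirm that is intended'
    }
    return $findings
}

# Constructed sample input with deliberate problems.
$lq = [char]0x201C; $rq = [char]0x201D
$sample = @(
    '[NewRequest]',
    "Subject = ${lq}C=US, CN=alias.mydomain.com${rq}",
    'KeyLength = 1024',
    'Exportable = TRUE ; left on for the example',
    'HashingAlgorithm = SHA1'
)
@(Test-RequestInf -Lines $sample) | ForEach-Object { Write-Warning $_ }

# On the real file, generate the CSR only when nothing is reported, then review it:
# if (@(Test-RequestInf -Lines (Get-Content C:\source\request.inf)).Count -eq 0) {
#     certreq -new -machine C:\source\request.inf C:\source\request.req
#     certutil -dump C:\source\request.req
# }
```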