Generating CSR using Certreq.exe

I wanted to get this down on paper for reference as I seem to be doing this frequently, but not frequently enough to remember each step.

There are times when you need to generate a certificate signing request (CSR) on a machine without IIS installed. Examples of these are Web Application Proxy and ADFS 3.0 servers. So how do you go about doing this?

Simple – use the built-in application certreq.exe.

Prerequisites

  • Have your FQDN (and any subject alternative names you need) ready
  • A user account that is a member of the local Administrators group on the machine where you will run certreq.exe

Steps

1. Open Notepad. We need to create an .inf file for certreq to read. In Notepad, type the following:

[NewRequest]
; the section name must be NewRequest with no space; "[New Request]" makes
; certreq fail with "INF file line not found 0xe0000102"
Subject = "C=GB, L=Crewe, ST=Cheshire, O=hostedhouse.co.uk, CN=sip.hostedhouse.co.uk"
KeyLength = 2048
; Exportable = True allows the private key to be exported later (backup, second node);
; set it to False if the key must never leave this machine
Exportable = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
HashAlgorithm = SHA256
; MachineKeySet = True stores the private key in the computer's store, not the user's
MachineKeySet = True
FriendlyName = "My Certificate"

; if you require Subject Alternative Names, add the following section
[Extensions]
2.5.29.17 = "{text}"
; browsers ignore the CN, so list the CN hostname here as well
_continue_ = "dns=sip.hostedhouse.co.uk&"
_continue_ = "dns=lyncweb.hostedhouse.co.uk&"
_continue_ = "dns=dialin.hostedhouse.co.uk&"
_continue_ = "dns=meet.hostedhouse.co.uk&"
_continue_ = "dns=lyncdiscover.hostedhouse.co.uk&"

Note on the Subject fields

C = Country (two-letter country code)
L = Locality (town or city)
ST = State, county or province
O = Organisation name
CN = Common name of the certificate, i.e. the FQDN (for a wildcard use CN=*.domain.com)

2. Save the file as certificate-info.inf

3. Open a Command Prompt as an administrator and run the following command:

certreq.exe -New "<path to >\certificate-info.inf" "C:\certificate-request.req"

4. Copy the contents of the certificate-request.req file to your trusted SSL provider and generate the certificate.

5. Once you have the certificate from your provider, copy it to the C:\ root of the same machine on which you created the CSR (the private key only exists in that machine's certificate store, so accepting the certificate elsewhere will not work). To install the certificate, use the following command:

certreq.exe -Accept c:\<sslcertfilename>.cer
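The five steps above as one PowerShell script, added here as an example and not part of the original post. It builds the INF from parameters (always adding the CN to the SAN list), runs certreq -New, and, once the CA has returned the .cer, runs certreq -Accept and checks that the installed certificate actually carries its private key. The function names, hostnames and file paths are my own assumptions.

```powershell
# Added example, not from the original post. Hostnames and paths are placeholders.

function New-CertreqInf {
    param(
        [Parameter(Mandatory)] [string]   $CommonName,
        [string[]] $SubjectAltNames = @(),
        [string]   $Country      = 'GB',
        [string]   $Locality     = 'Crewe',
        [string]   $State        = 'Cheshire',
        [string]   $Organisation = 'hostedhouse.co.uk',
        [string]   $FriendlyName = 'My Certificate'
    )
    # Browsers ignore the CN, so the CN is always included in the SAN list as well.
    $dnsNames = @($CommonName) + $SubjectAltNames | Select-Object -Unique
    $sanLines = $dnsNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }

    @"
[NewRequest]
Subject = "C=$Country, L=$Locality, ST=$State, O=$Organisation, CN=$CommonName"
KeyLength = 2048
Exportable = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
HashAlgorithm = SHA256
MachineKeySet = True
FriendlyName = "$FriendlyName"

[Extensions]
2.5.29.17 = "{text}"
$($sanLines -join "`r`n")
"@
}

function New-CsrWithCertreq {
    param(
        [Parameter(Mandatory)] [string] $InfPath,
        [Parameter(Mandatory)] [string] $RequestPath
    )
    & certreq.exe -New $InfPath $RequestPath
    if ($LASTEXITCODE -ne 0) { throw "certreq -New failed with exit code $LASTEXITCODE" }
    # Dump the CSR so subject, SANs and key size can be checked before it goes to the CA.
    & certutil.exe -dump $RequestPath
}

function Install-IssuedCertificate {
    param(
        [Parameter(Mandatory)] [string] $CerPath,
        [Parameter(Mandatory)] [string] $CommonName
    )
    # Must run on the machine that generated the CSR: the private key lives in its machine key store.
    & certreq.exe -Accept $CerPath
    if ($LASTEXITCODE -ne 0) { throw "certreq -Accept failed with exit code $LASTEXITCODE" }

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$CommonName*" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with CN=$CommonName found in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate was installed without its private key; was the CSR generated on this machine?"
    }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        NotAfter      = $cert.NotAfter
        SANs          = if ($san) { $san.Format($false) } else { '(none)' }
    }
}

# Steps 1-3: write the INF and generate the request (run from an elevated prompt).
$inf = New-CertreqInf -CommonName 'sip.hostedhouse.co.uk' `
                      -SubjectAltNames 'lyncweb.hostedhouse.co.uk', 'meet.hostedhouse.co.uk'
Set-Content -Path 'C:\certificate-info.inf' -Value $inf -Encoding ASCII
New-CsrWithCertreq -InfPath 'C:\certificate-info.inf' -RequestPath 'C:\certificate-request.req'

# Step 4: submit C:\certificate-request.req to the CA.
# Step 5: once the CA returns the .cer (placeholder path), install and verify it:
# Install-IssuedCertificate -CerPath 'C:\sslcert.cer' -CommonName 'sip.hostedhouse.co.uk'
```

The HasPrivateKey check is the one worth keeping: if certreq -Accept is run on a different machine, or the machine was rebuilt between the CSR and the issued certificate, the certificate still installs but is unusable for TLS, and this is the quickest way to catch it before binding it to a service.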

2 thoughts on “Generating CSR using Certreq.exe”

  1. The file syntax above will generate the following error: “INF file line not found 0xe0000102 (INF: -536870654)”

    Fix this by replacing “[New Request]” with “[NewRequest]” (no space)
