(847) 796-3177 [email protected]

Trying to generate a CSR on your Windows Server 2016? There is no reason to install OPENSSL or install IIS just to generate a CSR, simply use the built in certreq.exe with an INF file to generate a CSR using the guide below.

 

Create an INF file with the following information:

;----------------- request.inf -----------------

[Version]
Signature="$Windows NT$"

[NewRequest]
;Change to your country code, company name, locality name, state or province name and common name
Subject = "C=US, O=Change, L=Chicago, ST=Illinois, CN=www.domain.tld"

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA256

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing

Once you have created the INF file with the information above open CMD as an administrator, browse to the path where the .inf file is and issue the following command:

certreq -new request.inf csr.txt

You will now find the generated CSR in the csr.txt at the same file path.