Trying to generate a CSR on your Windows Server 2016? There is no reason to install OPENSSL or install IIS just to generate a CSR, simply use the built in certreq.exe with an INF file to generate a CSR using the guide below.
Create an INF file with the following information:
;----------------- request.inf ----------------- [Version] Signature="$Windows NT$" [NewRequest] ;Change to your country code, company name, locality name, state or province name and common name Subject = "C=US, O=Change, L=Chicago, ST=Illinois, CN=www.domain.tld" KeySpec = 1 KeyLength = 2048 Exportable = TRUE MachineKeySet = TRUE SMIME = False PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 HashAlgorithm = SHA256 [EnhancedKeyUsageExtension] OID=184.108.40.206.220.127.116.11.1 ; this is for Server Authentication / Token Signing
Once you have created the INF file with the information above open CMD as an administrator, browse to the path where the .inf file is and issue the following command:
certreq -new request.inf csr.txt
You will now find the generated CSR in the csr.txt at the same file path.