How to generate a CSR code on a Windows-based server without IIS Manager – SSL Certificates – https://thefartiste.com

What if we need to install an SSL certificate for the military service other than IIS and there is no IIS Manager installed on the Windows server ? How one can generate a CSR code in this situation ?
fortunately, there are a few workarounds available .
Besides the fact that these workarounds will not provide a wizardous user-friendly interface and require a bite of familiarity with the system management tools, even they remain identical brawny for accomplishing our finish – creating a CSR code, which we can submit to the Certificate Authority during the certificate activation .
so let ’ s look at each of the methods closer.

CSR generation in MMC (Microsoft Management Console)

Open the Certificates snap-in in MMC by following these steps : Win+R > > mmc.exe > > OK > > File > > Add/Remove Snap-in > > Certificates > > Add > > Computer account > > Next > > Local computer > > Finish > > OK .
In the Personal > > Certificates panel, right-click on the blank space and follow All Tasks > > Advanced Operations > > Create Custom Request to open the Certificate Enrollment ace :
csrmmc_1
Make sure that the default Proceed without enrollment policy option is selected and click Next :
csrmmc2
On the following screen, leave the pre-selected options (No template) CNG key and PKCS#10 and cluck Next :
csrmmc3
now we need to open the windowpane, in which we will adjust the certificate request in the way that we can receive the certificate with the adjust information and using the command key type. Click the drop-down arrow on the right and then the Properties button .
csrmmc4
Add a friendly name value to the appropriate field thus that you can identify this request entry in future. This field is used to give a identify to the certificate, which can be the domain identify the certificate will be issued for or about any early appoint :
csrmmc5
On the adjacent yellow journalism called Subject, we need to add a few fields to the request and specify their values. The most essential field types that must be salute in the request are :

  • Common name: fully qualified domain name for which the certificate is to be issued
  • Country: 2-letter country code compliant with ISO 3166. The correct code can be checked here.
  • State: name of the state or region; can be the same as the city name
  • Locality: city name
  • Organization: company name should be specified here

NOTE: If you need to add discipline option names to the request, you can do it in the Alternative name section. Select the DNS field type and add the domain name one by one :
csrmmc6
The result should look alike to this :
csrmmc7
The last yellow journalism in this window we should open and review is the Private key. Let ’ s expand the Cryptographic Service Provider section and have a look. The default choice here is the RSA algorithm, which is the industry standard today, although you can opt for “ ECDSA “ ( if you need to issue an ECC certificate ) by checking one of the entries on the movie below :
csrmmc8
In the Key options section, if the RSA algorithm is used, make surely that Key size is set to at least 2048-bit .
NOTE: The certificates based on a identify with the size less than 2048-bit are considered to be not batten, and the trust Certificate Authorities do not issue them anymore .
If you plan to export the certificate, for exercise, for the installation on another example, it is required to check the Make private key exportable option :
csrmmc9
now we can click Ok and move further .
The last screen of the Certificate Enrollment ace requires us to specify the name of the file the CSR code will be saved into and its location in the file system. besides, make sure that File Format is set to Base64. then click the Finish button to initiate the individual key and CSR genesis with the attributes we have set just immediately :
csrmmc10

CSR generation using the Certreq utility

Certreq is the command line-based utility, which is used largely for creating and submitting certificate requests and retrieve, accepting and installing responses from Certificate Authorities .
Before we begin working with “ certreq ”, we need to create a policy file from which the information required for the CSR will be pulled up. Create a new regular textbook file and open it. then replicate and paste the text from below into the file ( select the piece of code either for RSA or ECDSA ) :

RSA

; — — — — — — — — – request.inf — — — — — — — — –

[ Version ]
Signature= ” $ Windows NT $ ”

[ NewRequest ]
Subject = “ C= US, O= Namecheap, CN= example.com, L= Los Angeles, S= California

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = “ Microsoft RSA SChannel Cryptographic Provider ”
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA256

[ EnhancedKeyUsageExtension ]
OID=1.3.6.1.5.5.7.3.1
; — — — — — — — — — — — — — — — — — — — — — — — –


ECDSA

; — — — — — — — — – request.inf — — — — — — — — –

[ Version ]
Signature= ” $ Windows NT $ ”

[ NewRequest ]
Subject = “ C= US, O= Namecheap, CN= example.com, L= Los Angeles, S= California
KeyAlgorithm = ECDSA_P 384 ; can be changed to 256 or 521
exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = “ Microsoft Software Key Storage Provider ”
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA256

[ EnhancedKeyUsageExtension ]
OID=1.3.6.1.5.5.7.3.1
; — — — — — — — — — — — — — — — — — — — — — — — –
NOTE : You can add the street address value to the CSR code by specifying the Street variable in the Subject directing as follows :

Subject = “







CN=example.com,


C=US, O=Namecheap, L=Los Angeles, S=California

, Street= Test Avenue 1″


Make sure that you change the values highlighted in total darkness with the values that would be valid for your request. then save the file as the .inf type ( request.inf, for case ) :
csrmmc11
now we can open the command line prompt : Win+R > > cmd > > Enter .
voyage to the folder in which the policy charge is saved using the “ compact disk ” command :


cd C:\

Run the watch instruction to initiate the CSR generation :

certreq.exe -new request.inf nctest.csr
csrmmc12
If the Request Created message appears in reception to the command, the CSR code is created and saved into the .csr file ( nctest_ecdsa.csr in the example above ) .

CSR generation through Powershell

If you are a fan of script and used to doing certain everyday tasks in Powershell, you ’ ll decidedly like the trace script, designed for the CSR generation with a 2048-bit RSA key .

Open the Powershell console table by running :

Win+R > > powershell > > Enter .

then use the command to create newfangled file for the script code :


start notepad script_file_name.ps1

*Where script_file_name.ps1 is the script file and can have any suitable name.




In the opened Notepad window, paste the whole code from Ctrl+S or by using the File >> Save As menu.

In the open Notepad window, paste the whole code from here and save the file by pressingor by using the > > menu. following, run the following dominate in your PowerShell :

.\script_file_name.ps1

*Where script_file_name.ps1 is the name you used for your script file.

The prompt, resembling OpenSSL in some way, will ask you to enter Common Name, organization, organization unit, city, state and country values. The prompt, resembling OpenSSL in some manner, will ask you to enter Common Name, organization, organization unit, city, state and country values. NOTE: When you are asked to provide the subject option names, you can either specify them if it is required or plainly omit this step by pressing Enter.

finally, the Powershell window will produce the compendious of the supply information, hash and key algorithm details and the CSR code, offering to copy the CSR to clipboard correct away : csrmmc13 When the CSR code is generated using any of the methods described above, you can proceed with the SSL certificate activation .

source : https://thefartiste.com
Category : Tech

About admin

I am the owner of the website thefartiste.com, my purpose is to bring all the most useful information to users.

Check Also

articlewriting1

Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.