How to generate a custom CSR

Owned by Norman Cummins (Unlicensed), created
Last updated: Jun 28, 2023 by Vlad Stefan Zahan
4 min read

This guide describes the process of creating a custom CSR

Checklist

The checklist is a tool to ensure you remember to perform all steps in the how-to article. It provides an overview with the option to drill down into the how-to guide. If possible make the checklist chronological.

Ensure you have the requested URLs
Ensure the customer has completed the DNS registrations for the desired URLs
Ensure you have the customers legal company information including: Organisation/Company name, Organisational Unit/Department, street, city, state/Locality and Country
Created the CSR
Send the CSR to the customer



Things to be aware of!



How-to guide:

  • Logon to the server over RDP

  • Open an Microsoft Management Console, by clicking on the start button and typing MMC

  • Once the MMC is open, click File>Add/Remove Snap-in

  • Then select Certificates and click Add and then click OK

  • Now select Computer account and click Next

  • Ensure Local computer is selected and click Finish

  • Click OK, now expand Certificates (Local Computer)

  • Expand Personal Right click Certificates, select All Tasks, Select Advanced Operations and select Create Custom Request

  • In the Certificat Enrollment box, click Next

  •  

  • In the Select Certificate Enrollment Policy box, click Next

  • In the Custom request box, click Next

  • In the Certificate Enrollment box, click on the drop down arrow next to Details

  • Click Properties

  • In the Certificate Properties on the General tab Input a Friendly Name a Description is Optional and click Apply

  • On the Subject tab this where you add the Common Name, Organisation, Organisational Unit, Street, City and Country. These are all found under Subject name.

  • It will look something like this

  • Under Alternative name is where you can add additional URLs eg Media Manager, Office Connector and Adobe Connector, all can be served by a single certificate knows as a SAN. You achive this by selecting DNS under Alternative name, typing the URL and clicking Add.

  • Click Apply and then select the Private Key tab

  • Under Cryptographic Service Provider, ensure RSA, Microsoft Software Key Storage Provider, is selected

  • Under Key options ensure 2048 is selected

  • Note if you are including URLs for a Test environment, ensure Make private key exportable is also selected

  • Under Select Hash Algorithm select sha256 and click Apply and OK

  • Back at the Certificate Information box click Next

  • On the Certificate Enrollment box, click on browse to your desired folder location, Give the CSR a Name and click Save, then click Finish

  • Close the MMC console and send the CSR to the customer



Your contribution is important

Help us improve - together!

If you’d like to provide any feedback or suggested improvements to this guide, please feel free to leave a comment and the author will be notified.

Thank you.