To generate a CSR on IIS server, quickly without using Windows GUI, follow the steps below:
1. Open a Text Editor/Notepad and paste the following content:
;--- request.inf --- [Version] Signature="$Windows NT$" [NewRequest] Subject = "CN=www.top.host, OU=Top.Host, O=Top.Host, L=Heraklion, S=Crete, C=GR, E=support@top.host" ; Key Exchange - for encryption KeySpec = 1 ; 2048 bits minimum, 3072 or 4096 are valid too KeyLength = 4096 ; Needed if you need to export the certificate to another server Exportable = TRUE ; Indicates a server certificate, not a user certificate MachineKeySet = TRUE SMIME = False UserProtected = FALSE ; Generate a new private key UseExistingKeySet = FALSE ; RSA key ProviderName = "Microsoft RSA SChannel Cryptographic Provider" HashAlgorithm = SHA256 ProviderType = 12 ; Standard of CSR's RequestType = PKCS10 ; Digital signatures and encryption KeyUsage = 0xa0 Silent = True FriendlyName = "Certificate SHA-256" [EnhancedKeyUsageExtension] ; Server authentication OID=1.3.6.1.5.5.7.3.1 ;------------------------------ |
Edit the CSR details above, stating your own details that you want the certificate to be issued to have.
Specifically, based on our example:
Subject = "CN=www.top.host, OU=Top.Host, O=Top.Host, L=Heraklion, S=Crete, C=GR, E=support@top.host"
- CN (Common Name) : Replace www.top.host with with the hostname you want the certificate to be issued to For wildcard SSL certificate, this should be : *.top.host - OU (Organizational Unit) :Replace Organizational Unit with the name of the department or remove OU=Organizational_Unit entirely - Ο (Organization) : Replace Organization with the name of the organization - L (Locality) : Replace City with your city name - S  (State or Province) : Replace State with province - C (Country) : Replace Country with the 2 letters of the ISO code corresponding to your country - E (Email Address) : Replace the email with a working email |
2. Save the file with the name request.inf, in the field Save as Type select All files(*.*), in the path C:
The request.inf file will have the following format.
3. Open a Command Prompt window by typing "cmd" in the taskbar search field and then Enter.
4. To generate CSR, in the window that will open, run the following commands:
cd C:
certreq -new request.inf request.csr
5. In the C: folder, the CSR named request.csr will be created, whose content will have the following format.
6. Open the generated .csr file and copy its contents, including the lines BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.
Contact our experts, they will be happy to help!
Contact us