Found the way to do it:
MMC -> Certificates(Local Computer) -> Right click on the Personal folder -> All Tasks -> Advanced Operations -> Create Custom Request...
![enter image description here](../../I/static/images/febf3949f97f28d402de49a89163a18dbd033fdcee923ad4c1cb14336ebe5571.png)
I choose Proceed without enrollment policy
and clicked next. Choose (No Template) Legacy key
for compatibility and more options and use PKCS #10
. Click on next and click on Properties
.
![enter image description here](../../I/static/images/a05082571a928892ad23fc46402d529edc508dfb5947daacb7b61a1064d5c2b8.png)
Enter a Friendly name and Description and hit apply. Don't forget to hit apply after changes has been done on each tab.
Other tab examples for https certificate. Remember to add a valid Host + Domain Name for Common Name (CN), should look like www.yoursite.com
or yoursite.com
. Subject Alternative Names should be added under Alternative name
and Type DNS
.
If you need a new CSR similar to an existing certificate look at that certificate details and the Fields Subject
and Subject Alternative Name
![enter image description here](../../I/static/images/7853e744c035fb74ef4ab7959ed0600b6951eb514b408b390fff5781d7ec50f1.png)
Under the tab Extensions
choose Client Authentication
Server Authentication
for Extended Key Usage (application policies)
.
![enter image description here](../../I/static/images/68e42f7cd346b5177866f45d6ca8055fa6dd832d34d515ff4c5223661f45e63e.png)
Under the tab Private Key
choose Key size
4096 and Make private key exportable
.
If you have the Key type
flap choose Exchange
otherwise check that Select Hash Algorithm
is set to sha256
.
![enter image description here](../../I/static/images/c56c00e090a0e5a2e813f4204e23d44182a1b31f571d11496c3bb9e669cbba19.png)
If you choose (No Template) CNG key
it will look like this:
![enter image description here](../../I/static/images/6f1c2ed55e61b24b6004dfea2e2f5b5f7de6b29ef3cecdab871ad37b5a1a470b.png)
Save with OK and then save the file as Base64
.
2Thank you for posting that! However, I think the proper choice would be "Server Authentication". At least that is what I think it should be for a web server SSL cert. – Jim Clark – 2019-03-28T18:03:34.710
@JimClark Thanks, I think you are correct. :) – Ogglas – 2019-03-29T10:01:37.163
What file extension to use? – user230910 – 2019-10-09T03:24:04.650