Certificate Signing Request (CSR) Generation for Elliptical Cryptography Curve (ECC) Encryption Algorithms on Microsoft Windows 2008 Servers
This document provides instructions for generating a Certificate Signing Request (CSR) with an Elliptical Cryptography Curve (ECC) encryption algorithm on a Microsoft Windows 2008 Server. If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.
Watch a video demo to generate a CSR with an ECC encryption algorithm on a Microsoft Windows 2008 server
NOTE: If you are unable to view the video player, please click here to view from the video's web page.
To generate the CSR for Microsoft Windows 2008 Servers, perform the following steps:
Part 1: Create a Snap-in for Certificates in a Microsoft Management Console
Click the Start button and perform a search for MMC
On the MMC window, click File > Add/Remove Snap-in
Select Certificates from the left column
When the Certificate Snap-in wizard appears, select Computer Account
Keep Local computer selected
Confirm Certificate appears on the right column
Part 2: Generate the CSR file from the Personal Certificate Store in MMC
From the MMC window, drop down the Certificate tree
When the Certificate Information window appears, click the drop down arrow next to Details
Enter a Friendly Name NOTE: The Friendly Name is mainly used to state a department or a fictitious name to help identify the certificate on the server.
Click the Subject tab
Drop down the menu for Type and enter the information in the Value field clicking the Add button when each field is completed. Do this for the following fields:
Common Name: The fully-qualified domain name to which your certificate will be issued. Country: Enter the two-character abbreviation of country in which organization resides (e.g. US). Locality: Usually the city of your organization's main office, or a main office for your organization. Organization: The full legal name of your company. Organizational Unit: Use this field to differentiate between divisions within an organization. State: Enter the full name of your state or province.
Note: Make sure the State or Province is not abbreviated (e.g. California).
Click the Private Key tab
Click the drop down arrow next to Cryptographic Service Provider
Uncheck the defaulted selected box for RSA
Check the box for ECDH_P256 NOTE: At the time of this document was published, Symantec currently support only the ECDH_P256 elliptic curve for Microsoft servers.
Click the drop down arrow next to Key options
Check the box Make private key exportable NOTE: This option makes it possible to backup or export the certificate from the server.
Click Apply > OK
On the Certificate Enrollment wizard, click Next
From the Save-as window, navigate to a location for saving the file
Enter a file name
On the Certificate Enrollment wizard, select Base 64
The CSR has now been created. When opening the CSR file, ensure only a plain-text editor application is used (ex. Notepad or Vi).