This document provides instructions for generating a Certificate Signing Request (CSR) on Microsoft Windows using the MMC console. If you are unable to follow these steps, DigiCert recommends that you contact Microsoft Support.
Note: To generate a CSR, you will need to create a key pair for your windows computer. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file and generate a new one, your Code Signing or Client (S/MIME) certificate will no longer match. You will have to replace the certificate then.
To generate a Certificate Signing Request (CSR) via a MMC certificate snap-in using Microsoft Windows, perform the following steps.
- From Microsoft Windows, click Start.
- In the Search programs and files field, type mmc.
- Click File > Add/Remove Snap-in.
- From the list of available snap-ins, select Certificates.
- Click Add.
- Select Computer account.
- Click Next.
- Select Local computer (the computer this console is running on).
- Click Finish.
- In the Add/Remove Snap-in window, click OK.
- Save these console settings for future use.
- Access your MMC snap in > right click the Personal folder.
- Select All Tasks > Advanced Operations > Create Custom Request.
- The CSR generation wizard will open > Click Next.
- Select the option to Proceed without enrollment policy > Click Next.
- Click Next at the PKCS # 10 window.
- From the Details drop down menu > Click Properties.
- Enter a Friendly Name of your choosing.
- Access the Subject tab > in the Subject name: Type: field add the following distinguish name values required for your CSR (CN, O, OU, S, L and C).
CN = Common Name: The registered organizational name that the certificate will be issued to and secure.
O = Organization: The registered organizational name the certificate belongs to. If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. For example: "XY & Z Corporation" would be "XYZ Corporation" or "XY and Z Corporation".
OU = Organizational Unit: The department within the organization.
S = State: The business registered state or province. Do not abbreviate the state or province name, for example: California not CA.
L = Locality: The business registered location/city (not the actual server location).
C = Country/region: The two letter ISO country code.
- Click the Private Key tab > click the drop down for Key options > select Key size: 2048 and check the option to Make private key exportable > Click OK.
Note: All Code Signing or Client (S/MIME) certificates must have a 2048 bit key size.
- Click the drop down for Select Hash Algorithm, under Hash Algorithm select sha256 > Click OK.
- Click Next > Click Browse.
- Select a location to save the CSR file. Enter a name for the file and click Save.
- Click Finish.
- The CSR file will be present at the location you saved and can be used to request a Code Signing or Client (S/MIME) certificate.
See: How to install a Code Signing or Client (S/MIME) certificate via MMC certificate snap-in using Microsoft Windows