Knowledge Base

Solution

This document provides instructions for generating a Certificate Signing Request (CSR) on Microsoft Windows using the MMC console. If you are unable to follow these steps, DigiCert recommends that you contact Microsoft Support.

Note: To generate a CSR, you will need to create a key pair for your windows computer. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file and generate a new one, your Code Signing or Client (S/MIME) certificate will no longer match. You will have to replace the certificate then.

To generate a Certificate Signing Request (CSR) via a MMC certificate snap-in using Microsoft Windows, perform the following steps.  

1. From Microsoft Windows, click Start.
2. In the Search programs and files field, type mmc.
3. Click  File > Add/Remove Snap-in.
4. From the list of available snap-ins, select Certificates.
5. Click Add.
6. Select Computer account. 
7. Click Next.
8. Select Local computer (the computer this console is running on).
9.  Click Finish.
10. In the Add/Remove Snap-in window, click OK.
11. Save these console settings for future use.
12. Access your MMC snap in > right click the Personal folder.
13. Select All Tasks > Advanced Operations > Create Custom Request.
    
    
    
    
14. The CSR generation wizard will open > Click Next.
    
    
15. Select the option to Proceed without enrollment policy > Click Next.
    
     
16. Click Next at the PKCS # 10 window.
    
    
17.  
18. From the Details drop-down menu > Click Properties.
    
19. Enter a Friendly Name of your choosing.
    
20. Access the Subject tab > in the Subject name: Type: field add the following distinguish name values required for your CSR (CN, O, OU, S, L and C).
    
    Example:
    CN = Common Name: The registered organizational name that the certificate will be issued to and secure.
    O = Organization: The registered organizational name the certificate belongs to. If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. For example: "XY & Z Corporation" would be "XYZ Corporation" or "XY and Z Corporation".
    OU = Organizational Unit: The department within the organization.
    S = State: The business registered state or province. Do not abbreviate the state or province name, for example: California not CA.
    L = Locality: The business registered location/city (not the actual server location).
    C = Country/region: The two letter ISO country code.
    
21. Click the Private Key tab > click the drop-down for Key options > select Key size: 2048 and check the option to Make private key exportable > Click OK.
    Note: All Code Signing or Client (S/MIME) certificates must have a 2048 bit key size.
    
22. Click the drop-down for Select Hash Algorithm, under Hash Algorithm select sha256 > Click OK.
    
23. Click Next > Click Browse.
    
24. Select a location to save the CSR file. Enter a name for the file and click Save.
    
    
25. Click Finish.
    
    
26. The CSR file will be present at the location you saved and can be used to request a Code Signing or Client (S/MIME) certificate.
    
    See: How to install a Code Signing or Client (S/MIME) certificate via MMC certificate snap-in using Microsoft Windows