Ask a Question

Advanced Search

Solution ID : SO250821212507

Last Modified : 08/25/2021

How to generate a 2048-bit key and CSR for S/MIME in OpenSSL


1. Download and install OpenSSL for windows

Note: We cannot support you on downloading or installing OpenSSL.
However OpenSSL will usually install in this directory


2. Run openssl.exe in command prompt.

Run command:

openssl req -new -newkey rsa:2048 -nodes -out yourfilename.csr -keyout yourfilename.key


Note: yourfilename.csr and yourfilename.key you can edit to be more specific file names that you want to use.

Try our OpenSSL CSR Wizard


3. Fill in the following details:


Example Value

Common Name

Organization Name

DigiCert, Inc.



(Any department within your organization)



(Legally registered City)

State / Province




(Two-digit country code)

Email Address

Challenge Password


(This will be used to create the .pfx file or import the .pfx file.)

Key Size

2048, 3072, or 4096


4. Open the CSR file in TXT Editor like Notepad or Word pad.


5. Include the test into your order.


6. Download the Primary CS cert and its intermediate. You will need to save a copy of both files in the same directory where you are running the openssl.exe file.


7. Concatenate the files using this command to make a .pfx file.

openssl pkcs12 -export -out Newcscertificate.pfx -inkey yourfilename.key -in newcs.crt -certfile CA.crt


Note: Newcscertificate.pfx, yourfilename.key, newcs.crt. and CA.crt files names in the command will need to match the actual file names.

Once you get the .pfx file you can use this file with any tool you wish.


To import a .pfx file into the local Personal certificate store, do the following:

  1. Start Windows Explorer and select and hold (or right-click) the .pfx file, then select Open to open the Certificate Import Wizard.

  2. Follow the procedure in the Certificate Import Wizard to import the code-signing certificate into the personal certificate store.

  3. The certificate and private key are now available for to use.


Related Articles

Generate a CSR via MMC certificate snap-in using Windows

Reissue your Code Signing certificate