Generate CSR with MMC

  1. Open the Local Machine Certificate Store via the MMC.
  2. Right-click with your mouse on Personal and select All tasksAdvanced operationsCreate custom request Generate CSR with MMC 1
  3. A new screen with the title "Certificate Enrollment" appears. Click on Next Generate CSR with MMC 2
  4. Select Custom Request -> Proceed without enrollment policy Generate CSR with MMC 3
  5. For usage with Microsoft TMG, RDP, or ADFS on Azure You need to select (No template) Legacy key as template, for all other usages you can leave the settings on default. Click Next Generate CSR with MMC 4
  6. Click on the down-arrow next to Details and then on Properties Generate CSR with MMC 5
  7. On the tab General you enter a Friendly name to use for the certificate and go to the next tab Generate CSR with MMC 6
  8. On the tab Subject you need to enter the request details:
    • Common name
    • Country
    • Locality
    • Organization
    • Organization unit
    • State
    Every field can be added by clicking Add before selecting the next field. When all required details have been added, you can navigate to the next tab.Generate CSR with MMC 7
  9. On the tab Extensions click on the arrow next to Extended Key usage. Select for Available options the options server authentication and click on Add. Repeat these steps for client authentication. Then navigate to the last tab. Generate CSR with MMC 8
  10. On the tab Private key, click on the arrow-button next to Cryptographic service provider.
    1. When you want to use a RSA key, select the RSA, Microsoft software key storage provider
    2. When you want to use a Legacy key template, deselect Microsoft Strong Cryptographic Provider, and select Microsoft RSA SChannel Cryptographic Provider and then under Key options select as key size: 2048.
    3. When you want to use an ECC key, select ECDSA_P256, Microsoft Software Key Storage Provider.
    Generate CSR with MMC 9 Generate CSR with MMC 10 Generate CSR with MMC 11
  11. Check the option Make private key exportable when you want to exort the certificate later on to a .pfx bestand.
  12. Click on Apply and then Ok
  13. Click on Next. In the following screen click on Browse... to select where you want to store the CSR, then name it (like: CSR) and click Save. Generate CSR with MMC 12
  14. Click on Finish

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up