Step by Step Procedure to Create a Custom CSR on a Windows Server!

Source: thesecmaster.com

Certificate plays a critical role in securing communications. An IT admin, an application owner, or a developer, can’t work without a certificate. You can’t really imagine how many types of certificates there are. There are user certificates associated with computer accounts to prove the identity. To take a secure RDP (Remote Desktop Connection), a connection RDP certificate is a must. To access a website over HTTPS, SSL/TLS certificate is required. To get the certificate from a CA (Certificate Authority), you should create a CSR (Certificate Signing Request) and submit the CSR to CA. In this article, we are going to show a detailed step-by-step procedure to create a custom CSR (Certificate Signing Request) on a Windows Server.

Table of Contents
· What Is CSR (Certificate Signing Request)?
· What Information You Should Include in A CSR?
· How to Create a custom CSR in a windows Server?
· How Does a Typical CSR Look Like?
· How to Decode A CSR?

What Is CSR (Certificate Signing Request)?

A CSR is the first step to getting a new certificate. As the name says, CSR is the standard request format that most Certificate Authorities accept to issue the certificate. In the next section, we will show how to create a custom CSR on Windows Server.

What Information You Should Include in A CSR?

A Certificate Authority will use CSR to issue the certificate. So you should add the below information to your CSR while creating it.

List of details required to generate a CSR

The public key: Certificate Authority includes it during the creation of the certificate.

Information about the key type and length. The most common key size is RSA 2048, but some CAs, including GlobalSign, support larger key sizes (e.g. RSA 4096+) or ECC keys.

How to Create a Custom CSR in a Windows Server?

To create a CSR in a Windows server,

1. Open MMC in the Windows server

Hit Win + R to open the Run utility
Type mmc and click on ‘OK’.

Run utility to open the MMC console

2. Add Certificate Snap-in

Go to File > Add/Remove Snap-in..

Add/Remove snap-in in mmc console

3. Select Certificates and press Add

Selecting Certificates console in mmc

4. Select the User or Computer Certificate snap-in

Select the snap-in in which you want to create the certificate. For demonstration, we are choosing Compute account.
Click Next.

Selecting a computer account to manage computer-related certificates

5. Select Local Computer

Select a local computer as you are going to create CSR on the same computer.
Click Finish.

Selecting the Local computer to manage certificates on the local computer

6. Select Certificate (Local Computer) and click Ok

The final step is to select the certificates console in MMC

7. Create Custom Request

Access your MMC snap-in> right-click the Personal folder.
Select All Tasks > Advanced Operations > Create Custom Request.

Create a request for CSR generation

8. CSR generation wizard

The CSR generation wizard will open > Click Next.

Begin the CSR generation process

9. Proceed without enrollment policy

Select the option to Proceed without enrollment policy > Click Next.

Selecting certificate enrollment policy; In this demo, select the option to proceed without enrollment policy

10. Click Next at the PKCS # 10 window.

Configuring the certificate options with a request format and the template

11. Edit Properties

From the Details drop-down menu > Click Properties.

Customizing the request with the required details

12. Enter a Friendly Name

Customizing the certificate request, beginning with the friendly name under the General tab

13. Add the CSR contents:

Access the Subject tab > in the Subject name: select the types from the dropdown list and add the values required for your CSR.

Example:
CN = <domain.corp.com>
DNS = <domain>

Update details to the CSR, like Subject name and Alternative name

14. Set Private Key settings

Click the Private Key tab > click the drop-down for Key options > select Key size: 2048 and check the option to Make private key exportable > Click OK.

Configuring the private key details like key size

15. Save the CSR file to a location.

Select Base 64 and Click Next > Click Browse.

Export/save the CSR file with the required file format

16. Select a location to save the CSR file. Enter a name for the file and click Save.

Select the location to save/export the CSR file

17. Click Finish.

The final step to completing the CSR generation by clicking the ‘Finish’

18. The CSR file will be present at the location you saved it and can be used to request the SSL certificate as needed.

How Does a Typical CSR Look Like?

A CSR file is a long string of characters encoded in base-64 formats. Typically it can be read using any standard text editor. Here you can see how does a CSR look like. Whenever you copy the context, you should include:

— –BEGIN NEW CERTIFICATE REQUEST — — & — –END NEW CERTIFICATE REQUEST — –

CSR file content sample is for reference

You can use CSR to generate any machine certificates, such as RDP, Ops Manager, and SSL. You may just need to choose the appropriate certificate template while submitting the CSR to the Certificate Authority.

How to Decode A CSR?

Sometimes, you may find yourselves in a position to validate the CSR. There are many ways to decode a CSR. But, for beginners, using online tools are the best way to decode CSRs. We want to introduce one such wonderful tool to you.

Namecheap: https://decoder.link/resultt

submitting input in SSL & CSR decoder to decode

Copy and paste the content of your CSR here in the box and click Decode. It not just decodes the CSR but also reports any errors in it.

This post is originally published at thesecmaster.com.

We thank everybody who has been supporting our work and request you check out thesecmaster.com for more such articles.