CSR Generation and Certificate Installation for Windows (all) using certreq

CSR Generation and Certificate Installation for Windows (all) using certreq (31337)
Solution
This article is for administrators who prefer the command shell!


Save the following file as request.inf on your server editing the subject according to the comment:

;----------------- request.inf -----------------

[Version]
Signature="$Windows NT$"

[NewRequest]
;Change to your,country code, company name and common name
Subject = "C=US, O=Example Co, CN=something.example.com"

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
;-----------------------------------------------


then run

C:\>certreq -new request.inf request.csr

Installing Certificate


When your certificate is issued you'll typically receive a file called store_acmesave_com.cer. Save it on the server and from the same directory run:

C:\>certreq -accept store_acmesafe_com.cer

This will install the cert in the Windows certificate store and it will be available in IIS , MMC , Exchange , LDAP/Active Directory , Terminal Services and those products that make use of the Windows certificate store.

For more information, see:

http://support.microsoft.com/kb/321051