SSL certificates are now a requirement for every website and app. But before you get one, you must generate the Certificate Signing Request (CSR) and send it to the Certificate Authority for validation. The CSR is a text block with your contact information.
You can create it on your server or device. This step-by-step guide explains how to generate a CSR in Windows, one of the most popular operating systems. Follow the instructions below to get your CSR in just a few minutes.
Step 1: Open the Windows Search Bar
- Click on the Start menu (Windows icon) at the bottom-left corner of your screen.
- Type “certmgr.msc” in the search bar and press Enter.
This command opens the Certificate Manager console, which is a built-in tool in Windows for managing certificates.
Step 2: Open the Local Computer Certificate Store
- In the Certificate Manager, navigate to the Personal folder in the left column.
- Right-click on it and select All Tasks > Advanced Operations > Create Custom Request.
Step 3: Start the Certificate Enrollment Process
- In the Certificate Enrollment window, click Next.
- Select Proceed without enrollment policy and click Next.
Step 4: Select Custom Request
- In the Custom Request section, select (No template) CNG key. Ensure PKCS #10 is ticked and click Next.
- Expand Details and click on Properties.
Step 5: Configure the Certificate Properties
- In the General Tab, add a friendly name and description to identify your CSR.
- Navigate to the Subject tab. In the Subject name section, select Common Name from the Type dropdown menu.
- Enter the fully qualified domain name (FQDN) of your website (e.g., www.yourdomain.com) in the Value field. Click Add.
- Next, enter the 2-letter code of your country. For example, the US
- Type the state name of your residence. For instance, California
- Add the locality name where you reside or your organization is registered. For example, San Jose
- The next option from the Type dropdown you must select is Organization. Write your company’s official name.
- Next, select Email, and provide a valid email address.
- If you have multiple domains, go to the Alternative Name tab. Select DNS from the Type dropdown menu and enter each additional domain. Click Add after entering each domain. If you have just one domain, skip this step.
- Navigate to the Private Key tab. Expand the Key options section. Ensure the Key size is set to at least 2048. Check Make private key exportable if you need to export the private key later.
- Expand the Cryptographic Service Provider section. Select Microsoft RSA Channel Cryptographic Provider.
- Ensure the Hash algorithm is set to SHA256.
Step 6: Save the Request
- Click OK to save the properties.
- Click Next to proceed. Select Base 64 in the File Format section.
- Select a location to save the CSR file. Enter a name for the file and click Save.
- Click Finish to generate the CSR.
Step 7: Verify and Submit the CSR
- Navigate to the location where you saved the CSR file.
- Open the CSR file with a text editor (e.g., Notepad) to verify its content.
- The CSR should start with —–BEGIN CERTIFICATE REQUEST—– and end with —–END CERTIFICATE REQUEST—–.
- After you generate a CSR file in Windows, follow the instructions of your SSL vendor to submit your CSR for certificate issuance. At SSL Dragon, the process is straightforward, thanks to our intuitive website.
Bottom Line
You’ve now learned how to generate a CSR in Windows via the built-in Certificate Manager tool. By following the steps outlined in this guide, you can create a CSR to secure your online communications and data with SSL certificates.
So, whether you’re managing a personal blog or a corporate website, understanding how to generate CSR for SSL certificates in Windows is a valuable skill that will serve you well for your online projects.
Save 10% on SSL Certificates when ordering today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10