Microsoft Servers: Create ECC CSR


MICROSOFT SERVERS: INSTALL YOUR ECC SSL CERTIFICATE
Microsoft Servers: Create Your ECC CSR (these instructions utilized Windows Server 2012. These instructions may require modification if a different server has been used).

1. As an Admin open Microsoft Management Console.

Type mmc on the Windows Start screen

Next, use the right-click button to click on the mmc.exe and choose Run As Administrator

Next, select the User Account Control Window and select the option Yes; this will allow the program to make changes to the computer.

2. Now, you are in the MMC Console. At this point click on File and then Add/Remove Snap-In.

Add snap in

3. After you have clicked on the Add/Remove Snap-In window, under the Available Snap-Ins scroll window select Certificates and then click the Add button.

Add certificates

4. After you have added Certificates, then you are now in the Certificate Snap-In Window. At this point select the button Computer Account. This will allow you to manage all the certificates that actually installed on the computer. Then click NEXT.

Computer account

Local computer

5. After you select NEXT above, this will open the Select Computer window. At this point select the option Local Computer: the computer this console is running on. Once selected then click the FINISH button.

6. Next, Click OK in the Add/Remove Snap-Ins Window.

Console root

All tasks

7. You are now in the MMC Console again. To the left there is the Console Tree, at this point click on CERTIFICATES and it will expand, then click PERSONAL. Next right-click on CERTIFICATES FOLDER. The certificates folder will pull up a drop down window, select ALL TASKS, then ADVANCED OPERATIONS and Finally CREATE CUSTOM REQUEST.

8. This will launch the CERTIFICATE ENROLLMENT WIZARD, and the screen will be titled “BEFORE YOU BEGIN” then click NEXT button.

Certificate enrollment

Proceed with enrollment policy

9. When you click the NEXT button above, the SELECT CERTIFICATE ENROLLMENT POLICY PAGE will open. Select PROCESS WITHOUT ENROLLMENT POLICY. Then click the NEXT button.

10. Locate the Custom request window, and after you fill in the information below Select Next.

TEMPLATE: From the menu next to template, choose (No template) CNG Key.

REQUEST FORMAT: For this option, choose PKCS #10

Advanced custom request

11. From the Certificate Information window, Select Details and select the arrow to choose the Properties option.

12. Next, under the Certificate Properties screen locate the General tab and fill in the information below:

General Cert properties

FRIENDLY NAME: Enter in your ECC SSL Certificate name. This name will not be included in the certificate. It is simply used to label the certificate during the process.

DESCRIPTION: Enter a short description of your certificate.

13. Next, Select the Subject option. Then, choose a Type and select the required Value for that field. Then, Select Add.

COMMON NAME: Type in your domain name.

ORGANIZATION: Type in the legal name of your company.

ORGANIZATION UNIT: Type in the specific department of your company. This will also be shown on your ECC SSL Certificate.

LOCALITY: This is where you type in the city where your company is based.

Add properties with buttons

STATE: Type in the state where your company is based.

COUNTRY: Type in the country where your company is based.

14. You do have an option to add more hostnames. This applies if you need a Multi-Domain (SAN) or an EV Multi-Domain ECC SSL Certificate.

a. Locate Alternative name and choose DNS from the Type menu.

b. Then, in the Value option you can enter any other hostnames that you want the certificate to have. Then, Select Add.

c. You can repeat this process for every hostname you want to secure.

Subject Tab Properites

15. Next, find the Private Key option and Select Cryptographic Service Provider. Then, complete the steps below:

a. Deactivate the RSA, Microsoft Software Key Storage Provide by unchecking the box next to it.

Private Key Tab

b. Then, Select the box next to ECDSA_P256, Microsoft Software Key Storage Provider. You can choose your encryption strength, it is recommended you choose 256-bit. However, if you want more encryption you can choose 382 or 521.

TIP: Do not choose the ECDH options, only the ECDSA options.

Private Key Options

16. Now, you will need to Select Key Options and Click the box next to Make Private Key Exportable.

17. Then, Select Apply and choose OK.

18. Find the Certificate Enrollment window, and go to the Certificate Information screen. Then, Select Next.

Cert enrollment

19. Then, you will be taken to the Where do you want to save the offline request screen. Complete the tasks below:

a. Select Base 64 for the File Format.

b. Type in the name of your CSR in the box labeled File Name.

c. Select Browse to choose where you want to save your CSR file and then Select Save.

File Format

d. Then, Select Finish.

20. Then, open the file in a text editor like notepad.

CSR Example

21. Next, copy and paste the entire body of the file (with —BEGIN—AND—END tags included) into the DigiCert order form.

TIP: When you are ordering your SSL Certificate, be sure to choose OTHER when prompted to Select Server Software that way you receive all of the certificates you need.

Upload CSR

22. Lastly, you are free to install your ECC SSL Certificate after you receive it from DigiCert.

MICROSOFT SERVERS: INSTALL YOUR ECC SSL CERTIFICATE
Back To Guides
Products
Services
Resource Center


        
©2023 The SSL Store™. A subsidiary of DigiCert, Inc. All Rights Reserved. Privacy Policy Terms Of Service