• Home
  • |
  • Blog
  • |
  • Step by Step Procedure to Create a Custom CSR on a Windows Server!
procedure to create a custom CSR on a Windows Server!

Certificate plays a critical role in securing communications. An IT admin, an application owner, or a developer, can’t work without a certificate. You can’t really imagine how many types of certificates there are. There are user certificates associated with computer accounts to prove the identity. To take a secure RDP (Remote Desktop Connection), a connection RDP certificate is a must. To access a website over HTTPS, SSL/TLS certificate is required. To get the certificate from a CA (Certificate Authority), you should create a CSR (Certificate Signing Request) and submit the CSR to CA. In this article, we are going to show a detailed step-by-step procedure to create a custom CSR (Certificate Signing Request) on a Windows Server.

What Is CSR (Certificate Signing Request)?

A CSR is the first step to getting a new certificate. As the name says, CSR is the standard request format that most Certificate Authorities accept to issue the certificate. In the next section, we will show how to create a custom CSR on Windows Server.

What Information You Should Include in A CSR?

Certificate Authority will use CSR to issue the certificate. So you should add the below information to your CSR while creating it.

Common Name (CN)The Fully Qualified Domain Name (FQDN). e.g. *.example.com, www.example.com, and mail.example.com.
Organization (O)The legal name of your organization. Do not abbreviate and include any suffixes, such as Inc., Corp., or LLC.
Organizational Unit (OU)The division of your organization handling the certificate.
City/Locality (L)The city where your organization is located. This shouldn’t be abbreviated.
State/County/Region (S)The state/region where your organization is located. This shouldn’t be abbreviated.
Country (C)The two-letter code for the country where your organization is located.
Email AddressAn email address used to contact your organization.
List of details required to generate a CSR

The public keyCertificate Authority includes it during the creation of the certificate.

Information about the key type and length. The most common key size is RSA 2048, but some CAs, including GlobalSign, support larger key sizes (e.g. RSA 4096+) or ECC keys.

How to Create a Custom CSR in a Windows Server?

Time needed: 5 minutes

To create a CSR in a Windows server,

  1. Open MMC in the Windows server

    Hit Win + R to open the Run utility
    Type mmc and click on ‘OK’.
    Open mmc in Windows Server

  2. Add Certificate Snap-in

    Go to File > Add/Remove Snap-in..Add Certificate Snap-in

  3.  Select Certificates and press Add

    Certificate Snap-in

  4. Select the User or Computer Certificate snap-in

    Select the snap-in in which you want to create the certificate. For demonstration, we are choosing Compute account.
    Click Next.
    Select Computer account

  5. Select Local Computer

    Select a local computer as you are going to create CSR on the same computer.
    Click Finish.Select Local Computer

  6. Select Certificate (Local Computer) and click Ok

    Select Local Computer snap-in

  7. Create Custom Request

    Access your MMC snap-in> right-click the Personal folder.
    Select All Tasks Advanced Operations Create Custom Request.Create-Custom-CSR-request

  8. CSR generation wizard

    The CSR generation wizard will open > Click Next.CSR generation wizard

  9. Proceed without enrollment policy

    Select the option to Proceed without enrollment policy > Click Next.Proceed without enrollment policy

  10. Click Next at the PKCS # 10 window.

    select PKCS # 10

  11. Edit Properties

    From the Details drop-down menu > Click Properties.Edit Properties

  12. Enter a Friendly Name

    Give a name

  13. Add the CSR contents:

    Access the Subject tab > in the Subject name: select the types from the dropdown list and add the values required for your CSR.

    = <domain.corp.com>
    DNS = <domain>

    subject name and alternate subject name in the subject setting of the certificate properties

  14. Set Private Key settings

    Click the Private Key tab > click the drop-down for Key options > select Key size: 2048 and check the option to Make private key exportable > Click OK.Set Private Key Settings

  15. Save the CSR file to a location.

    Select Base 64 and Click Next > Click Browse.Save CSR file

  16. 16. Select a location to save the CSR file. Enter a name for the file and click Save.

    Chose location to save CSR file

  17. Click Finish.


  18. The CSR file will be present at the location you saved it and can be used to request the SSL certificate as needed.

See Also  What Is A Denial Of Service Attack? How To Prevent Denial Of Service Attacks?

How Does a Typical CSR Look Like?

A CSR file is a long string of characters encoded in base-64 formats. Typically it can be read using any standard text editor. Here you can see how does a CSR look like. Whenever you copy the context, you should include:


An image of sample of the CSR file content
CSR file content sample is for reference

You can use CSR to generate any machine certificates, such as RDP, Ops Manager, and SSL. You may just need to choose the appropriate certificate template while submitting the CSR to the Certificate Authority.

How to Decode A CSR?

Sometimes, you may find yourselves in a position to validate the CSR. There are many ways to decode a CSR. But, for beginners, using online tools are the best way to decode CSRs. We want to introduce one such wonderful tool to you.

Namecheap: https://decoder.link/resultt

An image of submitting input in SSL & CSR decoder to decode
submitting input in SSL & CSR decoder to decode

Copy and paste the content of your CSR here in the box and click Decode. It not just decodes the CSR but also reports any errors in it.

Thanks for reading this article. Here you see more such interesting articles:

Recommend Products for You

We have some computer accessory recommendations that we think you’ll find useful. These are products we’ve personally selected that we believe are must-haves for any computer. Take a moment to look through the list – you can click on any item to view more details or purchase it directly from Amazon. Whether you’re just getting started with your computer or looking to expand its capabilities, we’re confident you’ll find something helpful among our top picks. Let us know if you have any other questions!

Declaimer: The below products contain affiliate links. We may receive a small commission if you purchase through these links at no additional cost to you. You can read our full affiliate disclosure here.

Read More:

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

  1. I think you have missed to provide the information about private key because it is not possible to get the private key the way you have described. In my case it caused a big problem since I have used your method to generate the csr and now I cannot install the actual certificate since I do not have the private key to export the pfx file.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.