Windows – Create Certificate Signing Request (CSR)

How to create a CSR?

Again, there are 2 ways to create a CSR:

  • Using IIS Server
  • Using the OpenSSL command line

Using IIS Server

Again, this is a 3-step procedure, since IIS does not give us the private key as a file when it creates the request.

CSR Request

  1. Log in to the IIS Windows Server and launch Internet Information Services (IIS) Manager


  2. On the IIS Manager page, double-click Server Certificates


  3. From the right-side Actions pane, click Create Certificate Request

  4. Fill in the required details

    Select the required bit length and click Next

    Provide the path of the file to save the CSR in and click Finish


  5. The CSR file is now generated

Private Key Export

On the same IIS server:

  1. Launch MMC and go to File –> Add/Remove Snap-in


  2. Select Certificates –> Computer account –> Next and follow the screenshots below




  3. Expand Certificates (Local Computer) –> Certificate Enrollment Requests –> Certificates


  4. Select the CSR that was newly created above
    Right-click –> All Tasks –> Export

  5. Please follow the screenshots below

Extract key from PFX file

  1. Install OpenSSL
  2. Convert to PEM. I have used the SSLShopper site for this article.
    You can also use OpenSSL for the conversion, which keeps the private key on the server instead of uploading it to a third-party site.
    Go to the OpenSSL path under Program Files (x86)
    .\openssl.exe pkcs12 -in "C:\temp\Cert\webserver-key.pfx" -nocerts -out "C:\temp\Cert\webserver-key.pem"

  3. Now convert the downloaded PEM to a key
    .\openssl.exe rsa -in "C:\temp\Cert\webserver-key.pem" -out "C:\temp\Cert\webserver-key.key"

Using OpenSSL

Using OpenSSL, it's simple to create the CSR & key

  • If you are using Windows, use the command below

OpenSSL installed path – C:\Program Files (x86)\GnuWin32\bin>

Command to create the CSR & key:

.\openssl.exe req -new -newkey rsa:2048 -nodes -keyout C:\temp\webserver.key -out C:\temp\webserver.csr

  • Most Linux machines have OpenSSL pre-installed, so use the command below to generate the CSR & key

    openssl req -new -newkey rsa:2048 -nodes -keyout /tmp/webserver.key -out /tmp/webserver.csr
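
Before sending the CSR to a CA, it is worth checking that the CSR and the key file really belong together; this also applies to the .key extracted from the PFX above. The script below is an added example, not part of the original article: the function names and the `webserver.example.test` subject are made up for illustration, and the sample pair is the article's own req command with `-subj` added so it runs without prompts.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): check that a CSR and a private
# key file belong together before the CSR is sent to a CA.

# Constructed sample: the article's req command plus -subj so nothing is prompted.
make_sample_pair() {   # $1 = output directory, $2 = base file name
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=webserver.example.test" \
          -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null )
}

# Returns 0 = pair is good, 1 = CSR missing or its self-signature is bad,
#         2 = key does not match the CSR, 3 = key readable by group/others.
check_csr_pair() {     # $1 = CSR file, $2 = private key file
    csr=$1 key=$2

    # A CSR is signed with its own private key; a truncated or edited file fails here.
    # The message is matched because older OpenSSL builds exit 0 on a bad signature.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1

    # Public key embedded in the CSR vs. public key derived from the private key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$csr_pub" = "$key_pub" ] || return 2

    # -nodes writes the key unencrypted, so file permissions are its only protection.
    case "$(ls -ld "$key")" in
        -???------*) ;;          # no group/other permission bits set
        *) return 3 ;;
    esac
    return 0
}

# Usage: ./check_csr.sh /tmp/webserver.csr /tmp/webserver.key
if [ "$#" -eq 2 ]; then
    check_csr_pair "$1" "$2"; rc=$?
    echo "check_csr_pair exit code: $rc"
    exit "$rc"
fi
```

The permission check relies on POSIX mode bits, so it is meaningful for the Linux command; on Windows, review the ACL on the .key file instead.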