How to create a Certificate Signing Request in 2021 (Windows 11/10)?
How to create your own CSR for SSL implementation.
What is a CSR?
A certificate signing request (CSR) is the initial step to implement SSL/TLS on your server. The CSR is generated in the target server itself and contains important information about your server like — domain, country, owner details and general contact details along with the public key of the organization/individual which is signed by their respective private key.
The Certificate Authority (CA) will use the data from the CSR to build your SSL Certificate.
Key information in a CSR
A general purpose CSR will contain the following information -
Common Name (CN): your domain or a domain wildcard.
Organization (O): Name of your organization.
Organization Unit (OU): Sub-unit/division of above organization which will handle this certificate.
Locality (L): The city where your organization is located. (This shouldn’t be abbreviated.)
State/County/Region (S): The State where your organization is located.
Country (C): The ISO_3166-1 two-letter code for the country where your organization is located. (eg. IN/US/GB/AU/RU/CN)
Email (Email): Your/organization's department's email address.
How to create signing request in Windows?
Using certreq.exe
certreq.exe
is a tool in Microsoft Windows which can create a CSR.
To create one, you will need to follow 3 simple steps.
Step 1: Setup base information in *.ini file
In this step, you need to fill your information in a specific format (like one given below) which will be used by certreq.exe to create your CSR.
You can use the file below as a template. Be sure to change the contents of Subject
according to your use case. Key values in “Subject” field are your CN
, OU
, O
, et cetera. as discussed in previous section.
You can leave the rest as it is. This template will generate RSA (KeySpec = 1)
2048 (KeyLength = 2048)
bits keys
Step 2: Generate the CSR.
After you save the above file, you can run the following command in an admin shell to generate your CSR. (I’ve saved the file as CSRinformation.ini
)
certreq.exe -new .\CSRinformation.ini CSRrequest.txt
The generated CSR will be stored in CSRrequest.txt
Step 3: Validating the generated CSR.
The generated CSR’s structure should look similar to the one given below, the contents should/will be different.
Now you can submit this in a CSR checker to validate your request before submitting this in your CPanel.
More resources:
- You can also generate a CSR with IIS Manager in Windows, this method is well covered in ssl.com’s article; here is a link for the same —
- You can read more about
certreq.exe
and the parameters of the*.ini
file in the official documentation —
- You can check your CSR’s validity at —