Create SHA-2 CSR on windows

Create SHA-2 CSR on windows

Create SHA-2 CSR file

If you Are generating CSR and your CA will not accept it because its SHA-1 you should switch to SHA-2 but on some windows 2003, 2008, and 2012 servers default CSR will generate based on SHA-1,
So let’s do it manually:

In this guide, we are not going to use Open-SSL, and just in windows without any extra tools, we can Create SHA-2 CSR file.

To start:

RUN > MMC > FIle> Add Remove Snap-In… > Certificates > Add

(These screenshots got from windows server 2012 R2 but win 2003 and 2008 have the same steps)

Type MMC on RUN

Type MMC on RUN

File> Add/Remove Snap-in

 

From File> Add/Remove Snap-in…

 

Select Certificates from the left panel and click Add button

Select Certificates from the left panel and click Add button

Select Computer account

By clicking on Add button Certificate Snap-in window will pop up. Select Computer account(This choice is not very important)> Next

 

select Local Computer

In the “Select Computer you want …” select Local Computer(the computer this console is running on) >Finish

 

Add or Remove Snap-ins" window, select added Certificates

in the “Add or Remove Snap-ins” window, select added Certificates snap-in and press OK.

Root select Personal> Certificates(right click)> All Tasks> Advanced Operations> Create custom request

Under Console Root select Personal> Certificates(right-click)> All Tasks> Advanced Operations> Create custom request…

In the Certificate Enrollment window select "Next

In the Certificate Enrollment window select “Next”

Select Proceed without enrollment policy

Select Proceed without enrollment policy on Select Certificate Enrollment Policy page> Next

in Custom request windows select (No Template)CNG key and PKCS#10

in Custom request windows select (No Template)CNG key and PKCS#10 format and select Next

 

Certificate Enrollment Click Details

Certificate Enrollment Click Details

Certificate Enrollment properties

After clicking Details properties will appear to select it.

friendly name add the domain you need SSL for that on Description and friendly name.

In Certificate Properties > General tab for friendly name add the domain you need SSL for that for example if you are creating CSR for www.day.ir type this on Description and friendly name.

Certificate properties Subject tab Type Value

In certificate properties Subject tab on Subject name from the left panel under Type select the types your CA needs from you. usually, the item I introduce to you are necessary, after selecting the item should fill the value and Add to the right panel, the item you may need:
Common name: CN is your domain name for example CN=www.day.ir
Organization: O is your company name: for example O=Day Telecom
Organization Unit OU is the name of the unit in your company that is related to SSL for example OU= Security or OU=IT Dept
Locality: L your city for example L=Tehran
State: S your State in your country for example S=Tehran
Country: C for example C=IRAN
Email: E your email on the certificate for example E=webmaster@domain

You cal also have SAN Subject Alternative Name if your issuer CA supports it. for example, if you don’t add www on the Alternative Name your SSL will not cover https://www.yourdomain.com and it will just use http://yourdomain.com

Key size to 2048 or bigger. On "Select Hash Algorithm" hash 256

This part is why we are here, in the Private Key tab select Key Options and change Key size to 2048 or bigger. On “Select Hash Algorithm” change Hash Algorithm to sha256 click OK and Next.

Selecting Make private key exportable will help to backup the installed certificate in the future for a move to a new server or any problem

select Base 64

Where do you want to save the offline request? select destination and from file format select Base 64> Finish.

Now you can check your SHA-2 CSR file online

If you like to redirect http to https you may need to check this guide:
https://day.ir/blog/en/redirect-http-to-https-ssl-windows-url-rewrite/

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

9 نظرات در مورد “Create SHA-2 CSR on windows