Page Comparison

...

1. Expand Certificates in the MMC Console and select Personal

2. Right-click on Personal->All Tasks->Advanced Operations->Create Custom Request…

3. Next

4. Select “Proceed without enrollment policy”

5. Next

6. Template: (No template) CNG key

7. Request format: PKCS #10

8. Next

9. Click arrow next to Details

10. Click Properties

11. General tab

    1. Friendly name: ex: myserver.mydomain.local

12. Subject tab

    1. Subject name: 

       1. Type: Common Name

       2. Value: FQDN of server, ex: myserver.foray.local

       3. Add

    2. Alternative name:

       1. Type: DNS

       2. Value: FQDN of server, ex: myserver.foray.local

       3. Add

    3. Subject name:

    4. Alternative name:

13. Extensions tab

    1. Key usage 

       1. Click “Key usage” arrow

       2. Available options: Digital signature, Add

       3. Available options: Key encipherment, Add

    2. Extended Key Usage

       1. Click “Extended Key Usage (application policies)” arrow

       2. Available options: Server Authentication, Add

       3. Available options: Client Authentication, Add

14. Private Key tab

    1. Click “Cryptographic Service Provider” arrow

       1. Verify that “RSA, Microsoft Software Key Storage Provider” is checked

    2. Click “Key options” arrow

       1. Key size: 2048

    3. Click “Select Hash Algorithm” arrow

       1. Hash Algorithm: sha256

15. Click OK

16. Click Next in Certificate Enrollment window

17. File Name: ex: C:\Temp\myserver.mydomain.local.csr

    1. NOTE: If the full path isn’t put in the field then the file will be saved to C:\Windows\system32\

18. File format: Base 64

19. Click Finish

...