...
Expand Certificates in the MMC Console and select Personal
Right-click on Personal->All Tasks->Advanced Operations->Create Custom Request…
Next
Select “Proceed without enrollment policy”
Next
Template: (No template) CNG key
Request format: PKCS #10
Next
Click arrow next to Details
Click Properties
General tab
Friendly name: ex: myserver.mydomain.local
Subject tab
Subject name:
Type: Common Name
Value: FQDN of server, ex: myserver.foray.local
Add
Alternative name:
Type: DNS
Value: FQDN of server, ex: myserver.foray.local
Add
Extensions tab
Key usage
Click “Key usage” arrow
Available options: Digital signature, Add
Available options: Key encipherment, Add
Extended Key Usage
Click “Extended Key Usage (application policies)” arrow
Available options: Server Authentication, Add
Available options: Client Authentication, Add
Private Key tab
Click “Cryptographic Service Provider” arrow
Verify that “RSA, Microsoft Software Key Storage Provider” is checked
Click “Key options” arrow
Key size: 2048
Click “Select Hash Algorithm” arrow
Hash Algorithm: sha256
Click OK
Click Next in Certificate Enrollment window
File Name: ex: C:\Temp\myserver.mydomain.local.csr
NOTE: If the full path isn’t put in the field then the file will be saved to C:\Windows\system32\
File format: Base 64
Click Finish
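The same request can be generated from a script with certreq.exe and then checked before it is sent to the CA. This is an added example, not part of the original procedure. The FQDN and output folder are placeholders, and MachineKeySet = TRUE assumes the request is for the computer store (run from an elevated prompt).

```powershell
# Added example: scripted equivalent of the MMC steps above, using certreq.exe.
# $Fqdn and $OutDir are placeholder values for the server being enrolled.
$Fqdn   = 'myserver.mydomain.local'
$OutDir = 'C:\Temp'
$Inf    = Join-Path $OutDir "$Fqdn.inf"
$Csr    = Join-Path $OutDir "$Fqdn.csr"   # full path, so nothing lands in system32

$infText = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
FriendlyName = "$Fqdn"
RequestType = PKCS10
ProviderName = "Microsoft Software Key Storage Provider"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = sha256
; 0xa0 = Digital Signature (0x80) + Key Encipherment (0x20)
KeyUsage = 0xa0
; Assumption: computer store. Use FALSE for the current user's store.
MachineKeySet = TRUE

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication
OID = 1.3.6.1.5.5.7.3.2 ; Client Authentication

[Extensions]
; Subject Alternative Name extension (2.5.29.17) with one DNS entry
2.5.29.17 = "{text}"
_continue_ = "dns=$Fqdn&"
"@

# Write the policy file and create the key pair plus the Base64 PKCS #10 request.
Set-Content -Path $Inf -Value $infText -Encoding ASCII
certreq.exe -new $Inf $Csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the CSR and show the fields that should match the settings above.
certutil.exe -dump $Csr |
    Select-String -Pattern 'Public Key Length', 'sha256', 'DNS Name=',
        'Digital Signature', 'Server Authentication', 'Client Authentication'
```

The certutil -dump check works equally well on a CSR produced through the MMC wizard, which makes it a quick way to confirm the key size, hash algorithm, SAN and usages before submission.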
...