Csr generation windows

Configure Certificate

Please enter the hostname for which you want to request a certificate:

Select algorithm and key strength for private key: ECDSA P-384 curve

Info

Nobody at KIT-CA uses this way of CSR generation, therefore we have next to no experience with it. If there are any problems, it might help to check out the official documentation (certreq.exe, certutil.exe).

On Windows, you can also create CSRs using the command line. In order to do so, you first need to create a file named FQHN.txt with the following content:

[NewRequest]
Exportable = TRUE
KeyAlgorithm = ECDSA_P384
HashAlgorithm = sha256
MachineKeySet = TRUE
Subject = "CN=FQHN"
RequestType = PKCS10
UserProtected = FALSE

In order to add Subject Alternative Names (SANs), add an additional section [Extensions] to the previously created FQHN.txt with the required hostnames (each between _continue_ = "DNS= und &"):

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "DNS=eiterer-hostname.ifmb.kit.edu&"
_continue_ = "DNS=och-ein-hostname.ifmb.kit.edu&"

The CSR can now be generated with the following command. This overrides and previously existing file named FQHN.req with the new file.

certreq -new FQHN.txt FQHN.req

You can look at the generated CSR using:

certutil -dump FQHN.req