Csr generation windows

Please enter the hostname for which you want to request a certificate:


Noone working at KIT-CA uses this way of CSR generation, therefore we have next to no experience with it. If there are any problems, it might help to check out the official documentation (certreq.exe, certutil.exe).

On Windows, you can also create CSRs using the command line. In order to do so, you first need to create a file named FQHN.txt with the following content:

Exportable = TRUE
KeyLength = 4096
HashAlgorithm = sha256
MachineKeySet = TRUE
Subject = "CN=FQHN"
RequestType = PKCS10
UserProtected = FALSE

In order to add Subject Alternative Names (SANs), add an additional section [Extensions] to the previously created FQHN.txt with the required hostnames (each between _continue_ = "DNS= und &"):

[Extensions] = "{text}"
_continue_ = "DNS=<b>weiterer-hostname.ifmb.kit.edu</b>&"
_continue_ = "DNS=<b>noch-ein-hostname.ifmb.kit.edu</b>&"

Die CSR can now be generated with the following command. This overrides and previously existing file named FQHN.req with the new file.

certreq -new FQHN.txt FQHN.req

You can look at the generated CSR using:

certutil -dump FQHN.req