Wednesday, February 9, 2011

How to request a new certificate manually with certreq.exe tool ussing a INF file and a SAN

Once a time I was really lost regarding how to get a new cert request from command line and I've found  this command ....this is useful for Windows 2003 Server and Windows 2008 Server.

1.Open a notepad and save as policy.inf and copy the below lines:

Policy.INF file

Signature= "$Windows NT$"
Subject= "CN;OU=MyCompany IT;O=My Company Inc;L=Saavedra;S=CABA;C=AR"
KeySpec = 1 
KeyLength = 1024  
Exportable = TRUE
MachineKeySet = TRUE
PrivateKeyArchive = FALSE
UserProtected = FALSE   
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA Schannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10 
KeyUsage = 0xa0   

2. From command line and with Local Administrator permissions, type:

certreq -new Policy.inf c:\certs\server1New.txt
3. Submit the request file to the Certificate Authority (CA) and have the CA generate the certificate

4.After receiving the certificate , accept it
certreq -accept c:\certs\cert.cer
 This will install the certificate in your certificate personal folder..

Further information be free to contact me at


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.