How to Manually Create a Web Server SSL Certificate From Command Line
Last Updated March 06, 2014
1. Creating an INF file to set the certificate properties
Use Notepad to modify the following sample INF file according to your needs. Save the file as ssl.inf, for example.

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=SERVER.CONTOSO.COM" ; For a wildcard use "CN=*.CONTOSO.COM" for example
; For an empty subject use the following line instead or remove the Subject line entirely
; Subject =
Exportable = FALSE ; Private key is not exportable
KeyLength = 2048 ; Common key sizes: 512, 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; AT_KEYEXCHANGE
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True ; The key belongs to the local computer account
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
SMIME = FALSE
RequestType = CMC

; At least certreq.exe shipping with Windows Vista/Server 2008 is required to interpret the [Strings] and [Extensions] sections below
4. Installing the certificate at the IIS or ISA computer
Once the certificate has been issued and is available as a file on the target computer, use the following command to install it.
certreq -accept ssl.cer
The installation puts the certificate into the computer's personal store, links it with the key material created in step #1 and builds the certificate property. The certificate property stores information, such as the friendly name, which is not part of a certificate.
After performing steps 1 to 4, the certificate will show up in the IIS or ISA management interface and can be bound to a web site or an SSL listener.
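The following check is an added example, not part of the original article. Run after certreq -accept, it confirms that the certificate landed in the computer's personal store, is linked to a private key, and matches the settings from the sample INF. It assumes an elevated Windows PowerShell 5.1 session and the sample subject CN=SERVER.CONTOSO.COM; the variable names are illustrative.

```powershell
# Added example: verify the certificate installed by "certreq -accept".
# Assumptions: elevated Windows PowerShell 5.1; values mirror the sample INF.
$subject    = 'CN=SERVER.CONTOSO.COM'   # assumed: must match the issued certificate
$minKeyBits = 2048                      # KeyLength from the sample INF
$wantUsage  = 0xA0                      # KeyUsage from the sample INF
$now        = Get-Date

$certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject }
if (-not $certs) {
    Write-Warning "No certificate with subject '$subject' found in LocalMachine\My."
    return
}

foreach ($cert in $certs) {
    # Key usage bits present in the issued certificate (the CA may override the request).
    $kuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    }
    $usageOk = $false
    if ($kuExt) { $usageOk = (([int]$kuExt.KeyUsages) -band $wantUsage) -eq $wantUsage }

    # Key container details are only available when the private key is linked.
    $exportable = $null; $machineKey = $null; $provider = $null
    if ($cert.HasPrivateKey) {
        try {
            $info       = $cert.PrivateKey.CspKeyContainerInfo
            $exportable = $info.Exportable
            $machineKey = $info.MachineKeyStore
            $provider   = $info.ProviderName
        } catch {
            Write-Warning "Cannot open private key for $($cert.Thumbprint): $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Thumbprint      = $cert.Thumbprint
        NotAfter        = $cert.NotAfter
        HasPrivateKey   = $cert.HasPrivateKey
        MachineKeyStore = $machineKey
        KeyExportable   = $exportable
        Provider        = $provider
        KeyBitsOk       = ($cert.PublicKey.Key.KeySize -ge $minKeyBits)
        KeyUsageOk      = $usageOk
        CurrentlyValid  = (($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter))
    }
}
```

With the sample INF, a correctly installed certificate reports HasPrivateKey and MachineKeyStore as True and KeyExportable as False. HasPrivateKey = False means the certificate was not linked to the key material from the request.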
Imported Document ID: HOWTO95374