To generate a CSR (Certificate Signing Request) with SAN (Subject Alternative Names) on Windows Server 2022 Datacenter Edition, the most straightforward and flexible method is using PowerShell with a custom INF file and the Certreq utility.
Here’s a step-by-step guide:
✅ Step 1: Create an INF File (Certificate Request File)
To create a CSR with CN with 2 DNS SANs and 2 IP SANs .Create a new text file named request.inf and paste the following content into it:
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=<CN>; O=<Org Name>; L=<City>; S=<state>; C=<2 Digit Country Code>"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=<CN>&"
_continue_ = "dns=<SAN-1>&"
_continue_ = "dns=<SAN-2>&"
_continue_ = "dns=<IP-1>&"
_continue_ = "dns=<IP-2>&"
_continue_ = "ip=<IP-1>&"
_continue_ = "ip=<IP-2>"
[RequestAttributes]
CertificateTemplate = WebServerCustomize these fields:
CN=Your primary domain name e.g., *.server.local Under [Extensions] → List all DNS SANs (dns=SAN) and all IP SANs with (dns=IP-address) and (ip=IP-address) separated by "&"
Add or remove SANs as needed
✅ Step 2: Generate the CSR Using certreq
Open PowerShell as Administrator and run:
certreq -new request.inf server.csrThis creates a CSR file named server.csr which you can submit to SecureNT.
✅ Step 3: Submit CSR to CA
If you are using a private CA (SecureNT), upload the CSR as part of your certificate request.
✅ Step 4: Install the SSL Certificate
After receiving the signed certificate (.cer or .crt), install it with:
certreq -accept server.cerNo Comments Yet.
Copyright © 2025 Secure Network Traffic. All rights reserved. SecureNT is a registered trademark of Secure Network Traffic.