This FAQ explains how to generate CSR on Microsoft Windows Server running IIS (any version) with SAN (Subject Alternative Name) values.
How to create the CSR with SAN in Windows IIS?
Categories:
Installation FAQ,
Technical Information
Following steps are applicable for all versions of IIS. Windows Server should be domain joined.
- Open the MMC console and add the Certificate snap-in to it as Local Computer. Right Click Personal node on the left and Select All Tasks –>Advanced Operations –> Create Custom Request.
- Choose Proceed without enrollment policy and Click Next. Choose No Template Legacy Key for compatibility reasons. Use PKCS#10.
- Click Next and click Properties. Give a friendly name for the certificate and a description. Ensure that you hit Apply as soon as you are done with the tab.
- Click on Subject tab and add all the hostnames under “Alternative Name“. Under Subject Name, enter the Common Name (CN), Organizational Unit (OU), Organization (O), State (S) and Country (C) values. Click Apply.
- Under the Extensions tab, expand Extended Key Usage (application policies) and select Server Authentication and Client Authentication. Click Apply.
- Under the Private Key tab, set the Key size to 2048 under Key options. Tick Make Private Key exportable. Select Exchange as the Key type. Click Apply. Click OK.
- Select a location to save the file. Choose the file format as Base 64. Click Finish.
CSR is generated with SAN values.
How to create the CSR with SAN in Windows IIS?
How to create the CSR with SAN in Windows IIS?
Leave a Reply