Generate an SSL Certificate Request without IIS

Mark Berry November 1, 2016

I’m planning to installed 3CX 15 on a Windows 2012 R2 server. I want to use a new SSL certificate. The machine does not have IIS installed. How do I create a Certificate Signing Request (CSR)?

This University of Washington page has concise instructions. The main “trick” is to use the Certificate Manager for the computer to generate a custom request. I followed those instructions, filling in some key usage details from another cert previously issued for IIS. Details are I the following screen shots.

CertRequest01

I wasn’t sure if the default CNG key would be a problem, so I chose to create a Legacy key:

CertRequest02

CertRequest03

CertRequest04

CertRequest05

CertRequest06

CertRequest07

For a Legacy cert, the U. Washington instructions advise using only the Microsoft RSA SChannel Cryptographic Provider and nothing else:

CertRequest08

CertRequest09

CertRequest10

I opened the output file, copied the request and pasted it into the site where I was getting my SSL certificate.

The certificate was issued and delivered as an email attachment (.cer file). I went back to Certificate Manager for the computer and imported it as a “personal” certificate. When I opened the new certificate, I was able to confirm that the computer has a private key for the certificate. Finally, I exported the certificate with the private key to a password-protected .pfx file, which I copied to a folder where I keep backups of all my SSL certificates.


Leave a Reply





*