Mark Berry November 1, 2016
I’m planning to installed 3CX 15 on a Windows 2012 R2 server. I want to use a new SSL certificate. The machine does not have IIS installed. How do I create a Certificate Signing Request (CSR)?
This University of Washington page has concise instructions. The main “trick” is to use the Certificate Manager for the computer to generate a custom request. I followed those instructions, filling in some key usage details from another cert previously issued for IIS. Details are I the following screen shots.
I wasn’t sure if the default CNG key would be a problem, so I chose to create a Legacy key:
For a Legacy cert, the U. Washington instructions advise using only the Microsoft RSA SChannel Cryptographic Provider and nothing else:
I opened the output file, copied the request and pasted it into the site where I was getting my SSL certificate.
The certificate was issued and delivered as an email attachment (.cer file). I went back to Certificate Manager for the computer and imported it as a “personal” certificate. When I opened the new certificate, I was able to confirm that the computer has a private key for the certificate. Finally, I exported the certificate with the private key to a password-protected .pfx file, which I copied to a folder where I keep backups of all my SSL certificates.