Link to home
Start Free TrialLog in
Avatar of jsnrby

asked on

How to add location info to an SSL CSR using CertReq.exe

Hi, I am trying to create a cert request for an IIS 7 website on Server 2008 R2 using CertReq.exe so I can add a Subject Alternate Name. This CSR will be submitted to a 3rd party issuing CA, not an Enterprise CA, and I would normally add the SAN info on the issuers website. Unfortunately the customer wants it done this way.

I'm using a RequestPolicy.inf file that I created based on the following Technet articles:

Everything checks out when I verify the output file (.req), except that I cannot find how to add the folling info to the CSR with CertReq.exe. I dont see this in any of the Technet articles for this tool:

Organization Unit

Can someone please provide the proper way to add this info to a CSR using the command line?

Thank you!
Avatar of becraig
Flag of United States of America image

You will need to do this with a policy file:

Subject= ", OU=xxx, O=xxx, L=xxx, S=xxx, C=xx"
Exportable = TRUE
Exportable = TRUE
KeyLength = 2048
KeyUsage = 0xA0
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

OID= = "{text}"
_continue_ = ""

Open in new window

Then run a certreq e.g

certreq –new c:\filename-you-saved-above-content-as.inf  C:\filename-of-request-to-be-generated.txt
Let me know if you have any additional question, though the above info should resolve this for you.
Avatar of becraig
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial