Thursday, May 18, 2017

How to use certreq tool to build a CSR on MS system

This comes up  numerous time with how to generate a SSL CSR  on a microsoft system. People believe that you need IIS installed to generate a CSR,  but that's not 100% true  & if you have the certreq tool.

In this example, I'm crafting a CSR that will  use "X509v3 Subject Alternative Names" and with a sha2 signature.

The  below  is the content of my values

The window's  cmd.exe needs to be ran as "Administrator" level ,  and then you can call the above saved  text from the cli for the generation of the  CSR.

certreq -new yournamedinitfile.txt <thecsrnamed_output>

 This will generate a base  CSR that can be uploaded to any CA for signing.

Key items to notice;

  • the  "HashAlgorithm"  value is set to ensure sha1 is not used.
  • DNS value are set for alternatveNames, just string out  the dns= value  for the altNames

Ken Felix

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=

        /  \

No comments:

Post a Comment