Technical Documents

How to Generate ECC Certificate Signing Request on Microsoft Management Console

How to Create Your ECC CSR Using the Microsoft Management Console (MMC)

  1. Open Microsoft Management Console as an admin.
    1. On the Windows Start screen, type mmc.
    2. Right-click on mmc.exe and then click Run as administrator.
    3. In the User Account Control window, click Yes to allow the program to make changes to the computer.
  2. In the MMC Console, click File > Add/Remove Snap-in.
  3. MMC Console
  4. In the Add or Remove Snap-ins window, under Available snap-ins, select Certificates and then, click Add.MMC Console add snap-in
  5. In the Certificate snap-in window, select Computer account so that you can manage the certificates that are installed on this computer.MMC Console add snap-in
  6. In the Select Computer window, select Local computer: (the computer this console is running on) and then, click Finish.MMC Console add snap-in
  7. In the Add or Remove Snap-ins window, click OK.
  8. MMC Console add snap-in
  9. In the MMC Console, in the console tree, expand Certificates > Personal, right-click on the Certificates folder, and then, click All Tasks > Advanced Operations > Create Custom Request.MMC Console create custom request
  10. In the Certificate Enrollment wizard, on the Before You Begin page, click Next.
  11. MMC Console Certificate Enrollment wizard
  12. On the Select Certificate Enrollment Policy page, select Process without enrollment policy and then, click Next.MMC Console Certificate Enrollment wizard
  13. On the Custom request page, do the following things, and then click Next.
    Template:In the drop-down list, you select (No template) CNG key.
    Request format:Select PKCS #10.
    MMC Console Certificate Enrollment wizard
  14. On the Certificate Information page, expand Details (click the drop-down arrow) and then click Properties.MMC Console Certificate Enrollment wizard
  15. In the Certificate Properties window, on the General tab, do the following:
    Friendly name:Type a friendly name for the ECC SSL Certificate.
    Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate.
    Description:Type a brief description about the certificate.
    MMC Console Certificate Enrollment wizard
  16. On the Subject tab, under Subject name, select a Type, enter the appropriate Value for the type, and then click Add. your company's legally registered name (i.e. YourCompany, Inc.).
    TypeValue
    Common nameEnter the fully qualified domain name (i.e. www.example.com).
    Organization unitEnter the department within your organization that you want to appear on the ECC SSL Certificate.
    LocalityEnter the city where your company is legally located.
    StateEnter the state/province/region where your company is legally located.
    CountryEnter the country where your company is legally located.
    MMC Console Certificate Enrollment wizard
  17. If you are ordering a Multi-Domain (SAN) or an EV Multi-Domain ECC SSL Certificate, enter additional hostnames (i.e. example2.com, example3.net, mail.example.net) that you want your EV Multi-Domain or Multi-Domain (SAN) Certificate to secure.
    1. Under Alternative name, in the Type drop-down list, select DNS.
    2. In the Value box, enter an additional hostname that you want the certificate to secure and then click Add.
    3. Repeat for each additional hostname that you want to add to the certificate.
    MMC Console Certificate Enrollment wizard
  18. On the Private Key tab, expand Cryptographic Service Provider and then under Select cryptographic service provider (CSP), do the following:
    1. Uncheck RSA, Microsoft Software Key Storage Provider.
    2. Check ECDSA_P256, Microsoft Software Key Storage Provider.

      Recommended ECC key size is 256-bit. If greater encryption strength is required, your other private key options are 384 or 521.

      Note: You can select any of the ECDSA options for your ECC SSL Certificate. Do not use the ECDH options.

    MMC Console Certificate Enrollment wizard
  19. Next, expand Key options and check Make private key exportable.
  20. MMC Console Certificate Enrollment wizard
  21. Finally, click Apply and then click OK.
  22. In the Certificate Enrollment wizard, on the Certificate Information page, click Next.
  23. MMC Console Certificate Enrollment wizard
  24. On the Where do you want to save the offline request page, do the following:
    1. For the File format, select Base 64.
    2. In the File Name box, type a name for your CSR file (i.e. ecc_ssl_csr).
    3. Click Browse to select the location where you want to save the CSR (.req) file and then click Save.

      Make sure to note the filename and the location where you saved your CSR file.

    4. Click Finish.
    MMC Console Certificate Enrollment wizard
  25. Use a text editor (such as Notepad) to open the file.
  26. Notepad - CSR
  27. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and enter it into the order form.

    Note: During your SSL Certificate ordering process, make sure that you select OTHER when asked to Select Server Software. This option ensures that you receive all the required certificates.

  28. After you receive your ECC SSL Certificate, you can install it.