Generate a CSR from a certreq policy file

This section shows how to generate a Certificate Signing Request (CSR) from a certreq policy file on the computer where you plan to install Microsoft AD CS. Then, it describes how to create a public/private key pair in your Windows account profile after you generate the CSR file. In a later section, the KMES issues a signed certificate from the CSR, for you to associate with the public/private key pair stored in the Windows Certificate Store.

Create a policy file

Perform the following steps to create a certreq policy file:

Open a text editor on the computer where you plan to install Microsoft AD CS.

Create a new file, then copy and paste the following content into that file:

None

[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=ADCS"
Exportable = TRUE
KeyLength = 2048
MachineKeySet = TRUE

Save the file with the .inf extension (such as certreq_policy.inf).

Generate a CSR

Perform the following steps to generate a CSR from the certreq policy file:

Open either the command prompt or PowerShell.

Go to the directory with the certreq policy .inf file.

Run the following command to generate a certificate signing request (CSR) from the certreq policy .inf file:

Powershell

certreq -new -q -config "your.domain.com\Microsoft ADCS" certreq_policy.inf ADCS.csr

Copy the CSR file to the storage medium configured on your KMES Series 3.

⌘I

​Create a policy file

​Generate a CSR

Create a policy file

Generate a CSR