Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
ECC CSR on Windows
On the Windows server you intend to generate the CSR and later importing the certificate:
1 Open MMC with admin privileges
2 Open ‘Add/Remove Snap-in
Image Modified3 Choose ‘Certificates’ and press ‘Add’
Image Modified4 Choose ‘Computer Account’, press ‘Next’, choose Local computer and press ‘Finish’. Press OK on the Add or Remove Snap-ins window.
Image Modified5 Expand the ‘Certificates (Local Computer)’ folder and expand the ‘Personal’ folder and right click the ‘Certificates’ folder
Image Modified6 Expand ‘All tasks’, expand ‘Advanced Operations’ and press ‘Create Custom Request’
Image ModifiedPress ‘Next’
Image Modified7 Choose ‘Proceed without enrollment policy’ and press ‘Next’.
Image Modified8 Press Next
Image Modified9 Press ‘Properties’
Image Modified10 Give the certificate a name and description
Image Modified11 Press the ‘Subject’ tab on top. Enter the domain name for the certificate under ‘Subject name: Type: Common name’ and press ‘Add’.
Multiple domain names can either be entered under Alternate name: Type DNS, or it can be registered later in the Buypass web portal where you submit the certificate request.
Image Modified12 Press the ‘Private Key’ tab and expand ‘Cryptographic Service Provider’
Deselect the marker on RSA,Microsoft Software Key Storage Provider
Image ModifiedScroll down and check the marker at ECDSA_P256, Microsoft Software Key Storage Provider
Image Modified13 Expand ‘Key options’ and check the marker at ‘Make private key exportable’ if you ever wish to export the certificate from the computer generating the certificate request.
Image ModifiedPress ‘OK’
14 Press ‘Next’
Image Modified15 Choose a filename and location for the certificate request.
Image ModifiedPress ‘Finish’
16 Submit the certificate request at the Buypass webportal for ordering certificates.
When you later receive the certificate in PEM format, convert the PEM certificate part to crt format using the following OpenSSL command: openssl x509 -in certificate.pem -out certificate.crt
Then open the certificate file on the computer you generated the certificate request and press ‘Install Certificate’. Choose ‘Local Machine’ and press ‘Next’
Image ModifiedChoose ‘Automatically select the certificate store’ and press ‘Next’ and press ‘Finish’