ECC CSR on Windows

Owned by Lise Kristoffersen
Last updated: Apr 28, 2022 by Georg Johansen
3 min read

ECC CSR on Windows

On the Windows server you intend to generate the CSR and later importing the certificate:

1 Open MMC with admin privileges

2 Open ‘Add/Remove Snap-in

 

3 Choose ‘Certificates’ and press ‘Add’

4 Choose ‘Computer Account’, press ‘Next’, choose Local computer and press ‘Finish’. Press OK on the Add or Remove Snap-ins window.

 

5 Expand the ‘Certificates (Local Computer)’ folder and expand the ‘Personal’ folder and right click the ‘Certificates’ folder.

6 Expand ‘All tasks’, expand ‘Advanced Operations’ and press ‘Create Custom Request’

Press ‘Next’

7 Choose ‘Proceed without enrollment policy’ and press ‘Next’.

8 Press Next

9 Press ‘Properties’

10 Give the certificate a name and description

11 Press the ‘Subject’ tab on top. Enter the domain name for the certificate under ‘Subject name: Type: Common name’ and press ‘Add’.

Multiple domain names can either be entered under Alternate name: Type DNS, or it can be registered later in the Buypass web portal where you submit the certificate request.

12 Press the ‘Private Key’ tab and expand ‘Cryptographic Service Provider’

Deselect the marker on RSA,Microsoft Software Key Storage Provider

Scroll down and check the marker at ECDSA_P256, Microsoft Software Key Storage Provider

13 Expand ‘Key options’ and check the marker at ‘Make private key exportable’ if you ever wish to export the certificate from the computer generating the certificate request.

Press ‘OK’

14 Press ‘Next’

15 Choose a filename and location for the certificate request.

Press ‘Finish’

16 Submit the certificate request at the Buypass webportal for ordering certificates.

When you later receive the certificate in PEM format, convert the PEM certificate part to crt format using the following OpenSSL command: openssl x509 -in certificate.pem -out certificate.crt

Then open the certificate file on the computer you generated the certificate request and press ‘Install Certificate’. Choose ‘Local Machine’ and press ‘Next’

Choose ‘Automatically select the certificate store’ and press ‘Next’ and press ‘Finish’

The certificate will now automatically bind to the ECC already generated key on the computer when creating the certificate request.

The certificate can be found in MMC – Local computer – Personal – Certificates.