The Microsoft certreq utility uses a configuration file to generate a CSR. You must create a configuration file before you can generate the request. Create the file and generate the CSR on the Windows Server computer that hosts the View server that will use the certificate.

1

Open a text editor and paste the following text, including the beginning and ending tags, into the file.


;----------------- request.inf ----------------- 

[Version] 

Signature="$Windows NT$ 

[NewRequest]

Subject = "CN=View_Server_FQDN, OU=Organizational_Unit, O=Organization, 
 L=City, S=State, C=Country" 
; Replace View_Server_FQDN with the FQDN of the View server.
; Replace the remaining Subject attributes.  
KeySpec = 1 
KeyLength = 2048 
; KeyLength is usually chosen from 2048, 3072, or 4096. A KeyLength
; of 1024 is also supported, but it is not recommended. 
Exportable = TRUE 
MachineKeySet = TRUE 
SMIME = False 
PrivateKeyArchive = FALSE 
UserProtected = FALSE 
UseExistingKeySet = FALSE 
ProviderName = "Microsoft RSA SChannel Cryptographic Provider" 
ProviderType = 12
RequestType = PKCS10 
KeyUsage = 0xa0 

[EnhancedKeyUsageExtension] 

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication 

;-----------------------------------------------

2

Update the Subject attributes with appropriate values for your View server and deployment.

For example: CN=dept.company.com

Note

Some CAs do not allow you to use abbreviations for the state attribute.

3

(Optional) Update the Keylength attribute.

The default value, 2048, is adequate unless you specifically need a different KeyLength size. Many CAs require a minimum value of 2048. Larger key sizes are more secure but have a greater impact on performance.

A KeyLength of 1024 is also supported, although the National Institute of Standards and Technology (NIST) recommends against keys of this size, as computers continue to become more powerful and can potentially crack stronger encryption.

4

Save the file as request.inf.

Generate a CSR from the configuration file.