The Microsoft certreq utility uses a configuration file to generate a CSR. You must create a configuration file before you can generate the request. Create the file and generate the CSR on the Windows Server computer that hosts the View server that will use the certificate.

1

Open a text editor and paste the following text, including the beginning and ending tags, into the file.


;----------------- request.inf ----------------- 

[Version] 

Signature="$Windows NT$ 

[NewRequest]

Subject = "CN=View_Server_FQDN, OU=Organizational_Unit, O=Organization, L=City, S=State, C=Country" 
; Replace View_Server_FQDN with the FQDN of the View server.
; Replace the remaining Subject attributes.  
KeySpec = 1 
KeyLength = 2048 
; KeyLength is usually chosen from 2048, 3072, or 4096. A KeyLength
; of 1024 is also supported, but it is not recommended. 
Exportable = TRUE 
MachineKeySet = TRUE 
SMIME = False 
PrivateKeyArchive = FALSE 
UserProtected = FALSE 
UseExistingKeySet = FALSE 
ProviderName = "Microsoft RSA SChannel Cryptographic Provider" 
ProviderType = 12
RequestType = PKCS10 
KeyUsage = 0xa0 

[EnhancedKeyUsageExtension] 

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication 

;-----------------------------------------------

If an extra CR/LF character is added to the Subject = line when you copy and paste the text, delete the CR/LF character.

2

Update the Subject attributes with appropriate values for your View server and deployment.

For example: CN=dept.company.com

Note

Some CAs do not allow you to use abbreviations for the state attribute.

3

(Optional) Update the Keylength attribute.

The default value, 2048, is adequate unless you specifically need a different KeyLength size. Many CAs require a minimum value of 2048. Larger key sizes are more secure but have a greater impact on performance.

A KeyLength of 1024 is also supported, although the National Institute of Standards and Technology (NIST) recommends against keys of this size, as computers continue to become more powerful and can potentially crack stronger encryption.

Important

Do not generate a KeyLength value under 1024. View Client for Windows and View Client for Windows with Local Mode will not validate a certificate on a View server that was generated with a KeyLength under 1024, and the View Clients will fail to connect to View. Certificate validations that are performed by View Connection Server will also fail, resulting in the affected View servers showing as red in the View Administrator dashboard.

4

Save the file as request.inf.

Generate a CSR from the configuration file.