Generate CSR from Windows Server with SAN (Subject Alternative Name)

Please refer to the steps below on how to generate CSR from Windows Server with SAN (Subject Alternative Name) as SSL certificates generated from IIS do not contain a SAN

Google Chrome requires SSL certificates to use SAN (Subject Alternative Name) instead of the popular Common Name (CN) since version 58 – https://www.thesslstore.com/blog/security-changes-in-chrome-58/

  1. Run “certlm.msc” to open the Certificate – Local Computer

  2. Right click on Personal and select All Tasks – Advanced Operations – Create Custom Request

  1. Click Next

  1. Select Custom Request – Proceed without enrollment policy and click Next

  1. Click Next

  1. Expand Detail and click on Properties

  1. Enter Name & Description

  1. Select DNS with *.aventislab.com – this will be the SAN (Subject Alternative Name) included in our SSL Certificate

  1. Change the Key Size to 2048 and Check Make Private Key Exportable

  1. Enter C:\temp\aventislab.req to export the CSR File

  1. Login to LAB-AD01 which is our Enterprise Root CA Server, and run “certreq -submit -attrib “CertificateTemplate:webserver” C:\temp\aventislab.req C:\temp\aventislab.cer” to generate the aventislab.cer file
certreq -submit -attrib "CertificateTemplate:webserver" C:\temp\aventislab.req C:\temp\aventislab.cer
Active Directory Enrollment Policy
  {C14446F0-EC5A-4A11-8BCD-EC6B0044C156}
  ldap:
RequestId: 7
RequestId: "7"
Certificate retrieved(Issued) Issued

Import the SSL Certificate and generate the PFX File

  1. Go to Certificate – Local Computer and select Import

  1. Select c:\temp\aventislab.cer

  1. Place the certificate in Personal

  1. Verify the SAN (Subject Alternative Name) is included

  1. Right click *.aventislab.com and select Export

  1. Select Yes, export the private key

  1. Click Next

  1. Enter Password for the Private Key

  1. Export the PFX file to C:\temp\aventislab.pfx

We can keep the PFX file and import it to Microsoft Exchange Server or IIS Web Server later.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top