I want to create a Certificate Request with the Certreq.exe command. To start a new request I need the mandatory inf file.

That is my problem: I need an inf file which creates, apart from the normal variables (CN, O, OU, Provider, length ...), exactly the same as if I would create the cert request over the IIS GUI.

My question therefore: is there a way to find out what the "standard" key arguments that MS uses are, or can I get this from an already created certificate (I know the cert details, but not all the needed info is there)?

Thanks

Anetair

1 Answer

If you want to get information about an existing IIS SSL certificate, you can do that by using the command

certutil -v -store my

This will show (probably all) the information that you need to make an inf file for certreq, like Subject, SubjectAlternativeName, extensions, exportable flag and CSP name.

The inf file would then look like this (taken from here)

[Version]
Signature="$Windows NT$"

[NewRequest]
;Change to your country code, company name and common name
Subject = "C=US, O=Example Co, CN=something.example.com"

KeySpec = 1                   ; AT_KEYEXCHANGE: key can be used for exchange/encryption
KeyLength = 2048
Exportable = TRUE             ; private key may be exported from the store
MachineKeySet = TRUE          ; key lives in the local machine store (needed for IIS)
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12             ; PROV_RSA_SCHANNEL
RequestType = PKCS10
KeyUsage = 0xa0               ; Digital Signature (0x80) + Key Encipherment (0x20)

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing

To generate the request, you would then run the command

certreq -new request.inf request.csr

and send request.csr to a CA to issue a certificate. The CA may use all the information in your certificate request but does not have to, i.e. it might change extensions like enhanced key usage and add both Client Authentication and Server Authentication.

pepo
  • Thanks, that was what I was looking for. – Anetair Sep 08 '17 at 12:26
  • The above is correct; you can also add in a FriendlyName = "Use for Cert". The key length of 2048 is weak these days; this can be 4096, 8192 or 16384, and the Extended Key Usage OID for client auth is OID=1.3.6.1.5.5.7.3.2; Client Authentication, same as above for server authentication token signing. – Royston Jul 05 '22 at 14:11
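The procedure the answer describes (read the CSP, key length, key usage and EKU off an existing certificate, write a matching request.inf, run certreq -new, and check the resulting CSR) can be scripted end to end in PowerShell. The following is an added example and not code from the answer or from Microsoft; the parameter names, the placeholder thumbprint, the file paths under $env:TEMP and the fallback to the SChannel CSP when the existing key is not a CSP key are all assumptions of this script.

```powershell
# Added example: build a certreq .inf that mirrors an existing IIS certificate, then
# generate and inspect the CSR. Run in an elevated Windows PowerShell 5.1 session.
param(
    # Placeholder: replace with the thumbprint of a certificate in Cert:\LocalMachine\My
    [string]$Thumbprint = 'REPLACE-WITH-THUMBPRINT',
    [string]$Subject    = 'C=US, O=Example Co, CN=something.example.com',
    [string]$InfPath    = "$env:TEMP\request.inf",   # assumed output location
    [string]$CsrPath    = "$env:TEMP\request.csr"    # assumed output location
)

# 1. Read the reference certificate (the same data "certutil -v -store my" prints).
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

# RSA public key size (works on .NET 4.6.2+ / Windows PowerShell 5.1).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
if (-not $rsa) { throw "Certificate $Thumbprint does not carry an RSA key" }
$keyLength = $rsa.KeySize

# CSP name: only available for legacy CSP keys; CNG keys expose no CspKeyContainerInfo,
# so fall back to the SChannel provider from the answer (assumption).
$providerName = 'Microsoft RSA SChannel Cryptographic Provider'
if ($cert.HasPrivateKey -and $cert.PrivateKey -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $providerName = $cert.PrivateKey.CspKeyContainerInfo.ProviderName
}

# Key usage: X509KeyUsageFlags uses the same bit values certreq expects in KeyUsage
# (DigitalSignature = 0x80, KeyEncipherment = 0x20); keep the low byte.
$kuExt = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
$keyUsage = if ($kuExt) { ([int]$kuExt.KeyUsages) -band 0xFF } else { 0xA0 }

# Enhanced key usage OIDs, one "OID=" line each for the [EnhancedKeyUsageExtension] section.
$ekuExt = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuLines = if ($ekuExt) {
    $ekuExt.EnhancedKeyUsages | ForEach-Object { "OID=$($_.Value) ; $($_.FriendlyName)" }
} else {
    @('OID=1.3.6.1.5.5.7.3.1 ; Server Authentication')
}

# 2. Write the .inf. certreq reads ANSI/ASCII reliably, so avoid a UTF-8 BOM.
$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "$Subject"
KeySpec = 1
KeyLength = $keyLength
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "$providerName"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0x$('{0:x}' -f $keyUsage)

[EnhancedKeyUsageExtension]
$($ekuLines -join "`n")
"@
Set-Content -Path $InfPath -Value $inf -Encoding Ascii

# 3. Generate the request; certreq creates the key pair in the machine store.
& certreq.exe -new $InfPath $CsrPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# 4. Verify what actually went into the CSR before sending it to the CA:
#    subject, public key length, key usage and EKU are all visible in the dump.
& certutil.exe -dump $CsrPath
```

Compare the certutil -dump output with "certutil -v -store my" for the reference certificate before submitting the CSR; the CA is free to override extensions such as EKU, so what it issues may still differ from what was requested.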