Create a Custom Certificate Request
Applies To: Windows Server 2008
Administrators usually configure certificate templates in advance so that clients can use them to request or enroll for certificates. However, there might be occasions when none of the preconfigured certificate templates can meet a client's needs.
Custom requests can be used to modify a certificate template to meet unique needs, or to create a new certificate not based on a template. They can also be used to save a certificate request to a file for processing at a different time or on a different computer.
Users or local Administrators are the minimum group memberships required to complete this procedure. Review the details in "Additional considerations" in this topic.
To create a custom certificate request
Open the Certificates snap-in for a user, computer, or service.
In Logical Certificate Stores view mode, double-click Personal, and then click Certificates.
On the Action menu, point to All Tasks, select Advanced Operations, and then click Create custom request to launch the Certificate Enrollment Wizard. Click Next.
On the Custom Request page, click the drop-down list next to Templates, and do one of the following:
If you know what kind of certificate you want and want to accept the default configuration options, select the appropriate certificate template.
If you need a completely customized certificate, select (No template) CNG key or (No template) Legacy key.
Note
CNG keys might not be compatible with all applications.
Each certificate template includes a standard set of extensions that can indicate additional subject identification information, or it can indicate key usage information, which specifies the tasks (such as signature or encryption) for which a key can be used. If you want to use only the custom extensions that you specify, select the Suppress default extensions check box.
Select the file format you want to use for your certificate request:
PKCS #10 is a widely used format for certificate requests
CMC can be used to prepare requests that will be submitted to a non-Microsoft certification authority.
Click Next.
Click Details to view details of the certificate request. If you want to customize the request further, click Properties and fill in the desired options. When you are done, click OK to exit Certificate Properties, and then click Next.
Enter a file name and path, and then click Finish.
Additional considerations
User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.
To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC
Additional references