1. Create a .inf file for your cert req
[Version]
Signature="$Windows NT$"
[NewRequest]
;Change to your,country code, company name and common name
Subject = "C=JP, O=SOME Logistics Co. Ltd., L=Shinagawa-Ku, S=Tokyo, CN=something.example.com"
KeySpec = 1
KeyLength = 4096
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
OID=1.3.6.1.5.5.7.3.2
MachineKeySet - TRUE means it will be stored in Machine "Certificate Enrolment Requests" folder.
2. Request it:
certreq -new .\request_scapp_test.inf .\request_scapp_test.csr
3. Check it
openssl req -in .\request_scapp_test.csr -noout -text | clip
