How to Generate a CSR without IIS or OpenSSL in Windows

Sometimes you need a public certificate for an application such as a Web Application Proxy, ADFS, or some other application. Most of the time certificates are created for web servers so the most popularly known way to generate a CSR is through IIS or OpenSSL. However, you may not have an IIS server available and don't want to go through the headache of installing IIS or OpenSSL just to generate a CSR to get your certificate. Thankfully, you don't need either to generate a CSR. You actually can do this a number of ways.

Option 1 - 3rd Party Utility

You have a couple simple to use options that you can use to generate a CSR quickly and easily. The first is you can use a free utility offered by DigiCert. This utility can do a lot more than just generate a CSR and you can use it with any Certificate Service. The benefit of this tool is it's all GUI based so very easy to use for Jr Sysadmins.

Option 2 - MMC

Open the Certificates snap-in in MMC and select the Computer Account. Then go under the Personal --> Certificates panel, right-click on the blank space and follow All Tasks --> Advanced Operations --> Create Custom Request’ to open the “Certificate Enrollment” wizard. Follow the wizard to generate your CSR.

Option 3 - CertReq.exe

Windows has a built-in utility called Certreq that is very easy to use and accepts a simple configuration file. The configuration file you customize with your own settings for your server FQDN, Organizational Unit, Organization, City, State, & country. Then run the command:

certreq -new request_config.inf csr.txt

Here is a configuration template with all the details and notes in it you need to easily use.


Option 4 - Powershell

You can easily find scripts to generate CSR's through Powershell if you search github.