To request an SSL certificate is now a SHA-2 Certificate Signing Request (CSR) is required. Using the MMC on a server environment or the certificate manager on a desktop environment allows you to generate a CSR with SHA-2 algorithm.
- Open the Local Machine Certificate Store on a server via the MMC (Start → Run → MMC) or go on a desktop to C:WindowsSystem32certmgr.msc.
- Right-click on the Personal folder and select All tasks → Advanced operations → Create custom request.
- A window appears entitled "Certificate Enrollment". Click Next.
- Leave everything at default and click Next. Note: If you are requesting the certificate for TMG Server, you must (No template) Legacy choose.
- Click the button next to Details, and then click Properties.
- In the tab General you type a friendly name in and go to the next tab.
- In the tab Subject enter the following data:
Common name
Country
Locality
Organization
Organization unit
Click Add again before moving on to the next. When everything is added to the right side, go to the next tab.
- In the tab Extensions, click the arrow to the right Extended Key Usage (application policies). When Available options, click Server Authentication → Add. Do the same for Client Authentication. Now go to the last tab.
- In de tab Private key klik rechts van Cryptographic Service Provider op het pijltje. Selecteer alleen RSA, Microsoft Software Key Storage Provider. Onder Key options selecteert u bij Key size: 2048 en vink Make private key exportable aan als u het certificaat wilt kunnen exporteren naar een .pfx bestand. Bij Select Hash Algorithm kunt u aangeven met welk algorithme de CSR versleuteld moet zijn. Deze is standaard SHA1, selecteer hier SHA2(56).
- Click Apply → Ok.
- Click Next. In the next screen, click Browse ... to select the location where the CSR should be saved and give the file a name (for example: CSR) and click Save.
- Click Finish.
- Copy the entire contents of the created CSR, including start and finish lines, and go to the order page on our website to order the certificate.