top of page
  • Writer's pictureJJC Systems

Generating CSR from Windows Server usig OpenSSL

Objective: This SOP outlines the step-by-step process for generating a Certificate Signing Request (CSR) from a Windows Server.

Equipment/Software Required:

1. Windows Server with administrative privileges.

2. Internet connectivity.

3. OpenSSL (can be downloaded from


1. Install OpenSSL:

a. Download the appropriate version of OpenSSL for your Windows Server from the provided link.

b. Run the installer and follow the on-screen instructions to complete the installation process.

c. Ensure that OpenSSL is successfully installed by opening the command prompt and running the command: openssl version

2. Generate Private Key:

a. Open the command prompt as an administrator.

b. Navigate to the OpenSSL installation directory by executing the command: cd C:\OpenSSL\bin (replace with the actual path if different).

c. Generate a private key by running the command: openssl genrsa -out private.key 2048 This will create a private key file named "private.key" with a key length of 2048 bits.

3. Generate CSR:

a. Run the following command to generate the CSR: openssl req -new -sha256 - key private.key -out csr.csr

b. Provide the required information when prompted:

  • Common Name (CN): Enter the fully qualified domain name (FQDN) for which the certificate will be issued (e.g.,

  • Organization (O): Enter the legal name of your organization.

  • Organizational Unit (OU): (Optional) Enter the department or division within your organization.

  • City or Locality (L): Enter the city or locality where your organization is located.

  • State or Province (ST): Enter the state or province where your organization is located.

  • Country (C): Enter the two-letter country code for your organization (e.g., US for United States).

  • Email Address (E): (Optional) Enter an email address for contact purposes.

  • Challenge Password: Leave this field blank unless you specifically require a challenge password.

  • Optional Company Name: (Optional) Enter the legal name of your organization. c. Verify that the CSR file "csr.csr"has been generated in the OpenSSL bin directory.

4. Submit CSR for Certificate:

  • Provide the CSR file ("csr.csr") to the Certificate Authority (CA) or use an online CA portal to submit the CSR.

  • Follow the CA's instructions to complete the certificate issuance process.

5. Store Private Key Securely:

  • It is crucial to secure the private key file ("private.key") generated earlier.

  • Store the private key in a secure location with restricted access. Avoid storing it on the server or in a publicly accessible location.

6. Import and Install Certificate:

  • Once you receive the signed certificate from the CA, follow their provided instructions for importing and installing the certificate on your Windows Server.

  • Typically, the process involves importing the certificate into the server's certificate store and assigning it to the appropriate services or applications.

Note: This SOP provides a general guideline for generating a CSR from a Windows Server using OpenSSL. The specific steps and commands may vary depending on the version of OpenSSL and the Windows Server configuration. Consult the OpenSSL documentation or the CA's instructions for any variations or additional requirements.

2 views0 comments
bottom of page