- Create a text file and name it for example RequestPolicy.inf.
- Copy/paste the following text to the file:
[Version] Signature="$Windows NT$" [NewRequest] Subject = "CN=myserver.mycompany.com" KeyLength = 2048 KeySpec = 1 KeyUsage = 0xA0 ProviderName = "Microsoft RSA SChannel Cryptographic Provider" RequestType = PKCS10 FriendlyName = "My application" [EnhancedKeyUsageExtension] OID=126.96.36.199.188.8.131.52.1 ; Server Authentication OID=184.108.40.206.220.127.116.11.2 ; Client Authentication
- Adapt the file content according to your needs.
Typically you must at least:
- Update the Subject
- Update the FriendlyName
Additionally you may also:
- Add SAN elements
- Configure the private key as exportable
More about the policy file’s syntax.
For improved security, it is recommended to remove unneeded capabilities.
For example, if only client authentication is needed, remove server authentication.