How to create a certificate request policy file

  1. Create a text file and name it for example RequestPolicy.inf.
  2. Copy/paste the following text to the file:
     Signature="$Windows NT$"
     Subject = ""
     KeyLength = 2048
     KeySpec = 1
     KeyUsage = 0xA0
     ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
     RequestType = PKCS10
     FriendlyName = "My application"
     OID= ; Server Authentication
     OID= ; Client Authentication
  3. Adapt the file content according to your needs.
    Typically you must at least:

    • Update the Subject
    • Update the FriendlyName

    Additionally you may also:

More about the policy file’s syntax.

For improved security, it is recommended to remove unneeded capabilities.
For example, if only client authentication is needed, remove server authentication.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s