How to create a certificate request policy file

Create a text file and name it for example RequestPolicy.inf.

Copy/paste the following text to the file:

[Version]
 Signature="$Windows NT$"

[NewRequest]
 Subject = "CN=myserver.mycompany.com"
 KeyLength = 2048
 KeySpec = 1
 KeyUsage = 0xA0
 ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
 RequestType = PKCS10
 FriendlyName = "My application"

[EnhancedKeyUsageExtension]
 OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
 OID=1.3.6.1.5.5.7.3.2 ; Client Authentication

Adapt the file content according to your needs.
Typically you must at least:
- Update the Subject
- Update the FriendlyName
Additionally you may also:
- Add SAN elements
- Configure the private key as exportable

More about the policy file’s syntax.

Note:
For improved security, it is recommended to remove unneeded capabilities.
For example, if only client authentication is needed, remove server authentication.

Leave a Reply Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google+ account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Luke's IT blog

Azure, Windows, Powershell, Security and more…

How to create a certificate request policy file

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply