How to create a certificate request policy file

  1. Create a text file and name it, for example, RequestPolicy.inf.
  2. Copy and paste the following text into the file:
    [Version]
     Signature="$Windows NT$"
    
    [NewRequest]
     Subject = "CN=myserver.mycompany.com"
     KeyLength = 2048
     KeySpec = 1 ; AT_KEYEXCHANGE
     KeyUsage = 0xA0 ; Digital Signature (0x80) + Key Encipherment (0x20)
     ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
     RequestType = PKCS10
     FriendlyName = "My application"
    
    [EnhancedKeyUsageExtension]
     OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
     OID=1.3.6.1.5.5.7.3.2 ; Client Authentication
  3. Adapt the file content according to your needs.
    Typically you must at least:

    • Update the Subject
    • Update the FriendlyName

    Additionally you may also:

More about the policy file’s syntax.

Note:
For improved security, it is recommended to remove unneeded capabilities.
For example, if only client authentication is needed, remove server authentication.
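
To check which capabilities a policy file actually requests before submitting it, the added example below (not part of the original post) parses the INF, decodes the KeyUsage bitmask and lists the EKU OIDs. The function names `parse_inf` and `review` and the wording of the finding are assumptions made for this illustration.

```python
import re

# Key usage bits accepted by KeyUsage, and the two EKU OIDs used on this page.
KEY_USAGE_BITS = {
    0x80: "digitalSignature", 0x40: "nonRepudiation", 0x20: "keyEncipherment",
    0x10: "dataEncipherment", 0x08: "keyAgreement", 0x04: "keyCertSign",
    0x02: "cRLSign", 0x01: "encipherOnly",
}
EKU_NAMES = {"1.3.6.1.5.5.7.3.1": "serverAuth", "1.3.6.1.5.5.7.3.2": "clientAuth"}

# Abridged copy of the policy file from step 2, embedded so the example runs offline.
SAMPLE = '''[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=myserver.mycompany.com"
KeyLength = 2048
KeyUsage = 0xA0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication
'''

def parse_inf(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys such as OID."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif "=" in line and not line.startswith(";") and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            quoted = re.match(r'"([^"]*)"', value)
            # Quoted values are taken verbatim; otherwise drop a trailing "; comment".
            value = quoted.group(1) if quoted else value.split(";", 1)[0].strip()
            current.append((key.lower(), value))
    return sections

def review(text):
    """Report what the policy requests and flag capabilities worth trimming."""
    inf = parse_inf(text)
    req = dict(inf.get("newrequest", []))
    usage = int(req.get("keyusage", "0"), 0)  # base 0 accepts both 0xA0 and 160
    ekus = [v for k, v in inf.get("enhancedkeyusageextension", []) if k == "oid"]
    findings = []
    if len(ekus) > 1:
        findings.append("multiple EKUs requested; keep only those the application needs")
    return {"subject": req.get("subject"),
            "key_usage": [name for bit, name in KEY_USAGE_BITS.items() if usage & bit],
            "ekus": [EKU_NAMES.get(oid, oid) for oid in ekus],
            "findings": findings}
```

Call `review()` on the contents of RequestPolicy.inf; an empty `findings` list means only one EKU is requested.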
