- Create a text file and name it, for example, RequestPolicy.inf.
- Copy/paste the following text to the file:
```
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=myserver.mycompany.com"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
FriendlyName = "My application"

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication
```
- Adapt the file content according to your needs.
Typically you must at least:
- Update the Subject
- Update the FriendlyName
Additionally you may also:
- Add SAN elements
- Configure the private key as exportable
More about the policy file’s syntax.
Note:
For improved security, it is recommended to remove unneeded capabilities.
For example, if only client authentication is needed, remove server authentication.
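The following variant of the policy file is an added example, not part of the original page. It combines the optional changes listed above: it adds SAN entries, states the private key's exportability explicitly, and keeps a single enhanced key usage. It keeps server authentication only, the mirror image of the case in the note, and the SAN host names are constructed placeholders.

```ini
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=myserver.mycompany.com"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
FriendlyName = "My application"
; Keep the private key non-exportable unless it really has to be moved
; to another machine; set to TRUE only in that case.
Exportable = FALSE

[EnhancedKeyUsageExtension]
; Only the usage the application needs. Client Authentication
; (1.3.6.1.5.5.7.3.2) is left out on purpose.
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication

[Extensions]
; Subject Alternative Name (OID 2.5.29.17). Each entry ends with "&".
; The host names below are placeholders: list every name clients use
; to reach the server, including the one already in the Subject CN.
2.5.29.17 = "{text}"
_continue_ = "dns=myserver.mycompany.com&"
_continue_ = "dns=myserver&"
```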