Found the way to do it:
MMC -> Certificates(Local Computer) -> Right click on the Personal folder -> All Tasks -> Advanced Operations -> Create Custom Request...
![enter image description here](https://cdn.statically.io/img/i.sstatic.net/EtBKi.png)
I choose Proceed without enrollment policy
and clicked next. Choose (No Template) Legacy key
for compatibility and more options and use PKCS #10
. Click on next and click on Properties
.
![enter image description here](https://cdn.statically.io/img/i.sstatic.net/JAYaD.png)
Enter a Friendly name and Description and hit apply. Don't forget to hit apply after changes has been done on each tab.
Other tab examples for https certificate. Remember to add a valid Host + Domain Name for Common Name (CN), should look like www.yoursite.com
or yoursite.com
. Subject Alternative Names should be added under Alternative name
and Type DNS
.
If you need a new CSR similar to an existing certificate look at that certificate details and the Fields Subject
and Subject Alternative Name
![enter image description here](https://cdn.statically.io/img/i.sstatic.net/Drqom.png)
Under the tab Extensions
choose Client Authentication
Server Authentication
for Extended Key Usage (application policies)
.
![enter image description here](https://cdn.statically.io/img/i.sstatic.net/OC2C6.png)
Under the tab Private Key
choose Key size
4096 and Make private key exportable
.
If you have the Key type
flap choose Exchange
otherwise check that Select Hash Algorithm
is set to sha256
.
![enter image description here](https://cdn.statically.io/img/i.sstatic.net/awWFb.png)
If you choose (No Template) CNG key
it will look like this:
![enter image description here](https://cdn.statically.io/img/i.sstatic.net/XrhWe.png)
Save with OK and then save the file as Base64
.