Windows Server

Request a certificate signing request in Windows using Microsoft Management Console

request certificate signing request

In this article, we shall discuss how to Request a certificate signing request in Windows using Microsoft Management Console. SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information. Since certificates play a vital role in securing communications between federation servers, claim-aware applications, web clients, etc.

Therefore, AD FS requires a certificate for Secure Socket Layer (SSL) server authentication on each federation server in your federation server farm. See the following interesting guides on how to import a certificate into the Trusted Root and Personal file certificate store, how to request a certificate signing request in Windows using Microsoft Management Console, and how to export a certificate in PFX format in Windows.

If you are not going to perform the certificate request yourself. You are requested to provide the components needed to create a certificate for you.

Steps for setting and Configuring AD FS

This will need to be replicated to other domain controllers and for safety precautions, DC will have to wait 10 hours from when the key is created to ensure that you are able to answer password-related queries that relate to this key. See this article on deploying ADFS farm.

Note: To avoid AD FS from failing to start, you can run this PowerShell command in advance to ensure you meet the 10 hours requirements. The image below shows the service account being used


Step 1Request for a certificate to work with AD FS

See the following AD FS Requirements for more information. Please see Guide on federating ADFS with Azure Active Directory, Log Off: How to sign out of Windows Server 2012, and ADFS: How to install and configure Active Directory Federation Service in Windows Server.

How to Open Certificate Manager

Use the step in the image below to manage certificates. But I prefer using the alternative method described below in creating certificates. Here I can specify the right snap-in type of users and computers to be managed.

  • Click the Start button,
  • Type certmgr.msc in the search field, and
  • Click the Enter key

Search for run, type certmgr.msc in the open field and press enter. This step will open the local computer certificate management console.

Microsoft Management Console
Alternatively, this can be accessed using the MMC

Click the Start button, type mmc  in the search field, and click the Enter key

Or search for run, type mmc in the open field and press enter.

Launch the MMC console

Note: In using the MMC Console, you will have to add the certificate snap-in as shown below.

certificate request Windows

Click on file, select add/remove Snap-in

request certificate signing request

Select Certificate and click on add

Microsoft Management Console

Select the local computer and click on finish


Note: You can also run this on another computer. Finally, click on okay.

certificate request Windows

This will certificate management console. Expand the certificates, you will have access to all folders in the local computer as shown below.

request certificate signing request

Also, see how to save and stop modification to Microsoft Management Console, and Linux: How can I tell if a password is set for a user account, and How to Disable Driver Signature Enforcement in Windows 11.

Step 2: Create a Custom Request

In order to create a certificate signing request, follow the steps below. Click on Personal, select all tasks, and advanced options and Create a Custom Request

Microsoft Management Console

Click on Next

Select proceed without enrolment.

On the Custom request, leave everything as default.

On the Certificate Information page, expand the details tab as shown below and click on properties.

Enter your desired friendly name and description and click on apply

On the Subject menu, enter the relevant details and click on Apply.

Here: I selected the CN and entered the field

  • Under Alternative Name, I entered the same values as the CN as required by ADFS.
  • I also entered under DNS the Subject alternate name
  • Also entered to support authentication on port 443.
  • And lastly, I ensured the SAN contained “enterpriseregistration.<upn suffix> for more information

On the Private Key Menu, expand the key option in order to select your desired key size.

When you are done, click on ok and this will display the Certificate Information Window once more

Click on next. Finally, enter your desired path to store the certificate. Remember to add the .req to the filename

Click on finish. See this guide on how to import the certificate to the Trusted Root and Personal File Certificate Store.

Note: Self-signed certificates are not trusted by default and they can be difficult to maintain. Also, they may use outdated hash and cipher suites that may not be strong. For better security, purchase a certificate signed by a well-known certificate authority.

FAQs on creating a certificate signing request in Windows

What public key algorithm should be used in a CSR, and why is it important?

The choice of the public key algorithm in a CSR is crucial for security. Common options include RSA and ECC (Elliptic Curve Cryptography). The selection can impact the certificate’s security and compatibility with various systems. RSA is widely supported, while ECC offers similar security with shorter key lengths. The choice should align with your security requirements and the compatibility of systems where the certificate will be used

What is the next step after generating a CSR?

After creating a CSR, the next step is to submit it to a trusted Certificate Authority (CA). The CA will review the CSR, verify the information, and issue a digital certificate if the request is valid. Once you receive the certificate from the CA, you can install it on your server for secure communication.

I hope you found this blog post helpful on how to Request a certificate signing request in Windows using Microsoft Management Console. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x