Pete Hinchley: Create a Web Server Certificate from the Command Line

A quick guide on creating a web server certificate from the command line using an enterprise root certificate authority. This example creates a cert named with a SAN of The certificate authority is hosted on and is named Lab Enterprise Certificate Authority.

Start by creating a file named cert.inf with the following content:

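[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = ""
Exportable = TRUE ; private key can be exported together with the certificate
KeyLength = 4096
KeySpec = 1 ; required for encryption
KeyUsage = 0xA0 ; digital signature, key encipherment
MachineKeySet = TRUE ; key belongs to the local computer account
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

[RequestAttributes]
CertificateTemplate = "WebServer"

[Extensions]
2.5.29.17 = "{text}" ; subject alternative name
; placeholder: replace <SAN-DNS-NAME> with the DNS name the certificate must cover
_continue_ = "dns=<SAN-DNS-NAME>&"

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; server authentication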

Next, run the following commands to generate the cert request, submit it to the CA, and install the certificate:

certreq -new cert.inf cert.req
certreq -submit -config "\Lab Enterprise Certificate Authority" cert.req cert.cer
certreq -accept cert.cer
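
To confirm that the installed certificate matches what cert.inf asked for, the following PowerShell check can be run after certreq -accept. It is an added example, not part of the original guide; it assumes PowerShell 5 or later, an elevated session, and that cert.cer is in the current folder.

```powershell
# Added example: confirm the certificate installed by "certreq -accept" matches cert.inf.
using namespace System.Security.Cryptography.X509Certificates

$cerPath       = '.\cert.cer'          # file written by certreq -submit
$expectedBits  = 4096                  # KeyLength in cert.inf
$expectedUsage = 0xA0                  # KeyUsage in cert.inf
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # server authentication EKU
$sanOid        = '2.5.29.17'           # subject alternative name extension

# Read the issued certificate to get its thumbprint, then look it up in the
# local computer store (MachineKeySet = TRUE places it in LocalMachine\My).
$issued = [X509Certificate2]::new((Resolve-Path $cerPath).Path)
$cert   = Get-Item -Path "Cert:\LocalMachine\My\$($issued.Thumbprint)" -ErrorAction Stop

# Pull out the extensions that correspond to the settings in cert.inf.
$ku  = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
$eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
$rsa = [RSACertificateExtensions]::GetRSAPublicKey($cert)
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
$now = Get-Date

$results = [ordered]@{
    'Private key present'       = $cert.HasPrivateKey
    'RSA key length matches'    = ($rsa -and $rsa.KeySize -eq $expectedBits)
    'Key usage covers 0xA0'     = ($ku -and (([int]$ku.KeyUsages -band $expectedUsage) -eq $expectedUsage))
    'Server authentication EKU' = ($ekuOids -contains $serverAuthOid)
    'SAN extension present'     = [bool]$san
    'Inside validity period'    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
}

# Print one line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

# Show the SAN entries so they can be compared by eye with the names requested.
if ($san) { $san.Format($true) }

# Non-zero exit code when any check failed, so the script can gate a deployment step.
if ($results.Values -contains $false) { exit 1 }
```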