Generating SSL Certificate Signing Request using Microsoft ECC

Before generating an ECC CSR (Elliptic Curve Cryptography Certificate Signing Request) and ordering an ECC SSL Certificate form COMODO, make sure that your environment is compatible with ECC SSL Certificates. For more information about Elliptic Curve Cryptography, see Elliptic Curve Cryptography ECC Explained.

Use these instructions to generate the ECC CSR and then install your ECC SSL Certificate.

To install your ECC SSL Certificate, see Microsoft Servers: Install Your ECC SSL Certificate.

 

These instructions were created on Windows Server 2012. Depending on which Microsoft platform or operating system you are using, you may need to modify these instructions accordingly.

How to Create Your ECC CSR Using the Microsoft Management Console (MMC)

  1. Open Microsoft Management Console as an admin.

    1. On the Windows Start screen, type mmc.

    2. Right-click on mmc.exe and then click Run as administrator.

    3. In the User Account Control window, click Yes to allow the program to make changes to the computer.

  2. In the MMC Console, click File > Add/Remove Snap-in.

    MMC Console

  3. In the Add or Remove Snap-ins window, under Available snap-ins, select Certificates and then, click Add.

    MMC Console add snap-in

  4. In the Certificate snap-in window, select Computer account so that you can manage the certificates that are installed on this computer.

    MMC Console add snap-in

  5. In the Select Computer window, select Local computer: (the computer this console is running on) and then, click Finish.

    MMC Console add snap-in

  6. In the Add or Remove Snap-ins window, click OK.

    MMC Console add snap-in

  7. In the MMC Console, in the console tree, expand Certificates > Personal, right-click on the Certificates folder, and then, click All Tasks > Advanced Operations > Create Custom Request.

    MMC Console create custom request

  8. In the Certificate Enrollment wizard, on the Before You Begin page, click Next.

    MMC Console Certificate Enrollment wizard

  9. On the Select Certificate Enrollment Policy page, select Process without enrollment policy and then, click Next.

    MMC Console Certificate Enrollment wizard

  10. On the Custom request page, do the following things, and then click Next.

    Template: In the drop-down list, you select (No template) CNG key.
    Request format: Select PKCS #10.

    MMC Console Certificate Enrollment wizard

  11. On the Certificate Information page, expand Details (click the drop-down arrow) and then click Properties.

    MMC Console Certificate Enrollment wizard

  12. In the Certificate Properties window, on the General tab, do the following:

    Friendly name: Type a friendly name for the ECC SSL Certificate.
      Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate.
    Description: Type a brief description about the certificate.

    MMC Console Certificate Enrollment wizard

  13. On the Subject tab, under Subject name, select a Type, enter the appropriate Value for the type, and then click Add.

    TypeValue
    Common name Enter the fully qualified domain name (i.e. www.example.com).
    Organization Enter your company's legally registered name (i.e. YourCompany, Inc.).
    Organization unit Enter the department within your organization that you want to appear on the ECC SSL Certificate.
    Locality Enter the city where your company is legally located.
    State Enter the state/province/region where your company is legally located.
    Country Enter the country where your company is legally located.

    MMC Console Certificate Enrollment wizard

  14. If you are ordering a Multi-Domain (SAN) or an EV Multi-Domain ECC SSL Certificate, enter additional hostnames (i.e. example2.com, example3.net, mail.example.net) that you want your EV Multi-Domain or Multi-Domain (SAN) Certificate to secure.

    1. Under Alternative name, in the Type drop-down list, select DNS.

    2. In the Value box, enter an additional hostname that you want the certificate to secure and then click Add.

    3. Repeat for each additional hostname that you want to add to the certificate.

    MMC Console Certificate Enrollment wizard

  15. On the Private Key tab, expand Cryptographic Service Provider and then under Select cryptographic service provider (CSP), do the following:

    1. Uncheck RSA, Microsoft Software Key Storage Provider.

    2. Check ECDSA_P256, Microsoft Software Key Storage Provider.

      Recommended ECC key size is 256-bit. If greater encryption strength is required, your other private key options are 384 or 521.

      Note:    You can select any of the ECDSA options for your ECC SSL Certificate. Do not use the ECDH options.

    MMC Console Certificate Enrollment wizard

  16. Next, expand Key options and check Make private key exportable.

    MMC Console Certificate Enrollment wizard

  17. Finally, click Apply and then click OK.

  18. In the Certificate Enrollment wizard, on the Certificate Information page, click Next.

    MMC Console Certificate Enrollment wizard

  19. On the Where do you want to save the offline request page, do the following:

    1. For the File format, select Base 64.

    2. In the File Name box, type a name for your CSR file (i.e. ecc_ssl_csr).

    3. Click Browse to select the location where you want to save the CSR (.req) file and then click Save.

      Make sure to note the filename and the location where you saved your CSR file.

    4. Click Finish.

    MMC Console Certificate Enrollment wizard

  20. Use a text editor (such as Notepad) to open the file.

    Notepad - CSR

  21. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and enter it into the COMODO order form.

    Note:    During your COMODO SSL Certificate ordering process, make sure that you select OTHER when asked to Select Server Software. This option ensures that you receive all the required certificates.

  22. After you receive your ECC SSL Certificate from COMODO, you can install it.

 
Featured Clients
Back to TOP