Generate ECC CSR Windows Server 2008+

Jan 13, 2025

Introduction


Microsoft added support for ECC (Elliptic Curve Cryptography) starting with Windows Server 2008. Although Server 2008 through Server 2012 R2 support it, the default CSP (Cryptographic Service Provider) is set to generate RSA keys. To generate an ECC key, the CSP must be specified manually. This can be done by creating a custom CSR through the MMC.
 

Instructions

 

  1. Go to Start > Run > mmc. Press Enter.
  2. In the MMC, go to File > Add / Remove Snap-In...
  3. Choose the Certificates snap-in. Click Add.
  4. Choose Computer Account. Click Next >
  5. Choose Local Computer. Click Finish.
  6. Click OK to exit the snap-in window.
  7. In the MMC window, expand the following sections: Certificates (Local Computer) > Personal Certificates.
  8. Right-click the Certificates folder and go to All Tasks > Advanced Operations > Create Custom Request...
  9. Click Next on the Certificate Enrollment window.
  10. Choose Proceed without enrollment policy. Click Next.
  11. Choose CNG Key and the PKCS#10 options. (These should be default.)
  12. Expand the Details section of the custom request and click Properties.
  13. On the General tab, fill out a Friendly name and Description. These options are for certificate identification in places like IIS & Exchange. This information does not get vetted or appear on the certificate itself.
  14. On the Subject tab you can specify various fields to appear in your CSR. Select the field you wish to populate from the drop-down menu, enter a value, and click Add.
  15. Repeat this for each additional field you wish to specify. At minimum for a Domain Validated certificate, you should have Common Name and Country specified.
  16. Skip to the Private Key tab and expand the Cryptographic Service Provider section.

      Uncheck the first box for RSA, Microsoft Software Key Storage Provider.

      Choose one of the ECDSA boxes for an ECC provider. In this instance, the P256 curve is chosen (most common).
  17. Next, expand the Key Options section. Here you can mark the key as exportable.

      Click Apply. Click OK.
  18. Click Next to continue the Certificate Enrollment process.
  19. Choose the Base 64 option and click Browse to choose a location for your CSR.
  20. Name your request and press Save.
  21. Click Finish to complete your request.
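
The same request can be scripted with certreq.exe and then checked with certutil.exe to confirm that the key is ECDSA P-256 and not the RSA default. This is an added example, not part of the original article; the subject values, friendly name and file paths are placeholders, and it assumes an elevated PowerShell session and that the certutil dump lists algorithm OIDs numerically.

```powershell
# Added example (not from the original article). Run in an elevated session.
# Subject, friendly name and file paths are placeholders.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Subject tab: Common Name and Country
Subject = "CN=www.example.com, C=US"
; General tab: local label only, does not appear on the certificate
FriendlyName = "www.example.com ECC"
; PKCS#10 request format, CNG provider
RequestType = PKCS10
ProviderName = "Microsoft Software Key Storage Provider"
; Private Key tab: ECDSA P256 instead of the RSA default
KeyAlgorithm = ECDSA_P256
KeyLength = 256
; Computer Account / Local Computer store
MachineKeySet = TRUE
; TRUE corresponds to marking the key as exportable in Key Options
Exportable = FALSE
'@

$infPath = Join-Path $env:TEMP 'ecc-request.inf'
$csrPath = Join-Path $env:TEMP 'ecc-request.csr'
if (Test-Path $csrPath) { throw "$csrPath already exists; choose another name." }
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generate the key pair and write the Base64 PKCS#10 request.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Confirm the request carries an EC P-256 public key rather than RSA.
# 1.2.840.10045.2.1 = id-ecPublicKey, 1.2.840.10045.3.1.7 = P-256 (prime256v1)
$dump = (certutil.exe -dump $csrPath) -join "`n"
$isEc   = $dump -match '1\.2\.840\.10045\.2\.1'
$isP256 = $dump -match '1\.2\.840\.10045\.3\.1\.7'
if (-not ($isEc -and $isP256)) {
    throw "CSR at $csrPath does not contain an ECDSA P-256 key."
}
"OK: $csrPath contains an ECDSA P-256 public key."
```

The certutil check at the end works equally on the CSR file saved from the MMC in step 20.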

 
