Administrators usually configure certificate templates in advance so that the templates can be used to request or enroll for certificates. Custom requests can be used to modify a certificate template to meet special requirements, or to create a new certificate not based on a template. They can also be used to save a certificate request to a file for processing at a different time or on a different computer.

Membership in Users or local Administrators is the minimum required to complete this procedure. Review the details in "Additional considerations" in this topic.

To create a custom certificate request
  1. Open the Certificates snap-in for a user, computer, or service.

  2. In the console tree, double-click Personal, and then click Certificates.

  3. On the Action menu, point to All Tasks, point to Advanced Operations, and then click Create Custom Request to start the Certificate Enrollment wizard. Click Next.

  4. On the Custom request page, in the Templates list, do one of the following:

    • If you know what kind of certificate you want and want to accept the default configuration options, select the appropriate certificate template.

    • If you need a completely customized certificate, select (No template) CNG key or (No template) Legacy key.

    Note: CNG keys might not be compatible with all applications.

  5. Each certificate template includes a standard set of extensions. These can carry additional subject identification information, or key usage information, which specifies the tasks (such as signature or encryption) for which a key can be used. If you want to use only the custom extensions that you specify, select the Suppress default extensions check box.

  6. Select the file format you want to use for your certificate request:

    • PKCS #10 is a widely used format for certificate requests.

    • CMC can be used to prepare requests that will be submitted to a non-Microsoft certification authority.

  7. Click Next.

  8. Click Details to view details of the certificate request. If you want to customize the request further, click Properties and fill in the desired options. When you are finished, click OK to close Certificate Properties, and then click Next.

  9. Enter a file name and path, and then click Finish.
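
The same choices can be scripted with certreq.exe and reviewed with certutil.exe before the request leaves the machine. This is an added example, not part of the original topic; the subject name, working folder, and file names are constructed placeholders, and the key size, hash, and extension values are assumptions chosen for illustration.

```powershell
# Added example: command-line counterpart of the wizard steps above.
# Constructed values: subject name and file paths are placeholders.
$workDir = Join-Path $env:TEMP 'custom-csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
$infPath = Join-Path $workDir 'request.inf'
$reqPath = Join-Path $workDir 'request.req'

# No template is named, which corresponds to "(No template) CNG key" in step 4.
# A legacy key would instead name a CSP and set ProviderType and KeySpec.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject          = "CN=Example User"     ; constructed subject
KeyAlgorithm     = RSA
KeyLength        = 3072
ProviderName     = "Microsoft Software Key Storage Provider"
MachineKeySet    = FALSE                 ; user store; TRUE targets the computer store
Exportable       = FALSE                 ; private key cannot be exported
HashAlgorithm    = SHA256
KeyUsage         = 0x80                  ; digitalSignature only
RequestType      = PKCS10                ; or CMC, as in step 6
SuppressDefaults = TRUE                  ; only the extensions listed here, as in step 5

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.2                  ; Client Authentication
'@
Set-Content -Path $infPath -Value $inf -Encoding ASCII
Remove-Item -Path $reqPath -ErrorAction SilentlyContinue

# Generate the key pair and save the request to a file (steps 7 to 9).
& certreq.exe -new $infPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Review subject, key size, and extensions before submission (the Details view in step 8).
& certutil.exe -dump $reqPath
```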

Additional considerations

  • User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.

  • To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC.
