Generate CSR by GUI Tool

1. Open Run and use certlm.msc command

Figure 9: Local Computer – Certificates

2. Right click on Personal → All Tasks → Advanced Operations  → Create custom requests

Figure 10: Create Custom Request

3. Click next button on Before you begin wizard screen

4. Select next on Select Certificate Enrollment Policy wizard

5. On Custom Request wizard use Template  (No Template) CNG Key and Request format PKCS #10 and click next

Figure 11: Certificate Enrollment - Custom request

6. Select details and click on Properties button

Figure 12: Certificate Information

7. On Certificate Properties Assign Friendly name and Description

Figure 13: Certificate Information

8. On Subject tab select Subject Name Type and enter information for Full DN, Common Name, Country, Email, Given Name, Locality, Organization, Organization Unit, State etc.,

Figure 14: Certificate Properties – Subject

9. On Private Key Tab Click on Cryptographic Service Provider and unselect the RSA, Microsoft Software Key Storage Provider and Select RSA, Utimaco CryptoServer Key Storage Provider

10. On select Hash Algorithm select sha256

Figure 15: Certificate Properties - Private Key

11. Click Apply and OK

12. Check on HSM using below command that Certificate/Key is generated

C:\>cngtool ListKeys

Figure 16: Key Listing