Skip to content

Instantly share code, notes, and snippets.

@greenygh0st

greenygh0st/iis-san-csr.md

Last active February 25, 2025 16:18
Show Gist options
  • Save greenygh0st/c1c8279b6ff12c178b0438b7dde41f20 to your computer and use it in GitHub Desktop.
Save greenygh0st/c1c8279b6ff12c178b0438b7dde41f20 to your computer and use it in GitHub Desktop.
Download ZIP
Request a certificate in IIS when SAN is required
Raw
iis-san-csr.md

IIS Certificate with SAN

When you absoluetly must deal with IIS and SAN...

  1. Create a request config file for your server
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=me.com, OU=YourDepartment, O=YourCompany, L=YourCity, S=YourState, C=US"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=me.com"

[RequestAttributes]
CertificateTemplate = WebServer
  1. Create that file in a directory on the server and run the following command with an elevated CMD prompt against it:
certreq -new request.inf request.csr
  1. When you get the CSR returned with CER, run the following command to add it:
certreq -accept your_cert.cer
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment