How to create a CSR for IIS using an .inf file - jrcloudsolutions/tidbits GitHub Wiki

Sometimes generating the CSR using the IIS Console or the Certificates MMC on Windows Server 2019 does not work because either they are not using a 2048 key size and/or a sha-256 algorithm that DISA requires.

As a workaround, a request.inf file can be created using notepad with the CN, O, OU, 2048 key size, sha-256 algorithm, etc.

Then, use the following powershell commands to generate and validate the CSR:

1. certreq -new C:\request.inf C:\request.csr (to generate the CSR)
2. certutil -dump C:\request.csr (to validate CSR content including the 2048 key size and sha-256 algorithm)