Knowledge Base

This article will guide you through to generate a Certificate Signing Request for an S/MIME Certificate, using a simple Windows command.

Step 1: Building the ‘request.inf’ file.

Copy the following contents (in green) and save them as ‘request.inf’ using a notepad. You must change only the ‘Subject’ line to include your personal details.

[NewRequest]
;Change the 'Subject line below, so that CN, E and C to reflect your personal details. CN can be your full name, E points to your email address and C denotes the 2 letter country code.


;==================================================
Subject = "CN=Your Name, E=your-email-address, C=US"        ;<=== to be edited before saving the file
;==================================================

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = FALSE
SMIME = TRUE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA256

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.4 ; this is for secure email

Step 2: Generating a CSR using the ‘request.inf’

Please create a new Folder ( ex: C:\CertRequest ) and save the 'request.inf' file inside the folder.  After saving the 'request.inf' file, you can execute the following command on CMD prompt to generate a CSR. 

CD C:\CertRequest 
CERTREQ -new request.inf smime.csr

• This command will generate a new CSR and saves it in “smime.csr” file on the same folder.
• You can then submit the CSR to Sectigo for requesting an E-Mail/S-MIME Certificate.

Note: After receiving the Certificate, you have to install the certificate on the same computer using “certreq -accept certificate.crt”. You can then export the certificate into a PFX file.