Knowledge Base
How to generate a CSR for email (S/MIME) certificates in Windows
Overview
By the end of this article, you will have created and saved a Certificate Signing Request (CSR) file for an email — also called Secure/Multipurpose Internet Mail Extensions (S/MIME) — certificate, ready to submit through the Sectigo client portal. The article covers opening the Current User certificate store in the Microsoft Management Console (MMC), creating a custom request, entering the certificate subject and key options, and saving the CSR.
What is a CSR?
A Certificate Signing Request (CSR) is an encoded file that contains the information a Certificate Authority (CA) needs to issue your certificate, including your public key and subject details such as the Common Name (CN). For email (S/MIME) certificates, you generate the CSR in the Current User\Personal store because these are personal certificates tied to your Windows user account.
Prerequisites
- A Windows computer where you can open the Current User certificate store.
- Permission to run the Microsoft Management Console (MMC) using the certmgr.msc command.
- The subject details for your certificate, such as the Common Name (CN) and email address.
Open the Current User certificate store
- Click the Windows Start menu and open Run.
- In the Run dialog box, enter certmgr.msc and click OK. The Current User certificate store opens in the Microsoft Management Console (MMC).
Create a custom certificate request
- In the Certificate Manager snap-in, right-click the Personal folder.
- Select All Tasks → Advanced Operations → Create Custom Request to open the Certificate Enrollment wizard.
Fig 1: (Right-click path: Personal → All Tasks → Advanced Operations → Create Custom Request)
- On the Before You Begin page, click Next.
Fig 2: Certificate Enrollment wizard – Before You Begin screen
- Select Proceed without enrollment policy, then click Next.
Fig 3: Selecting “Proceed without enrollment policy” in the enrollment policy step
- On the Custom Request page, set Template to “(No template) Legacy key”, set Request Format to PKCS#10 (Public-Key Cryptography Standards #10), then click Next.
Fig 4: Configuring the Custom Request – selecting template and request format (PKCS#10)
Enter the certificate details
- On the Certificate Information page, expand the Details drop-down and click Properties to open the Certificate Properties page.
Fig 5: Certificate Information page – accessing Properties to configure certificate details
- On the General tab, enter a friendly name for your certificate.
Fig 6: Entering a friendly name for the certificate in the General tab
- On the Subject tab, enter the subject details to include on the CSR — such as the Common Name (CN), Organization Name, State, City, Country, and Email. The certificate subject may not include every value; the included values depend on the certificate type you purchase from Sectigo.
Fig 7: Adding subject details (CN, email, country, etc.) in the Subject tab
- On the Private Key tab, set the Key Options: set Key Size to 2048 or 4096, and enable Mark private key as exportable.
Fig 8: Configuring private key settings – key size and exportability options
Save and submit the CSR
- After finishing the configuration, choose a location to save the CSR file, enter a file name, and click Finish.
Fig 9: Saving the CSR file – choosing file name and format
- Submit the saved CSR through your Sectigo client portal to complete the certificate request.
Similar questions
- How do I create a CSR for an S/MIME (email) certificate on Windows?
- How do I generate a certificate signing request using certmgr.msc?
- How do I request an email certificate using the Microsoft Management Console?
Related Articles:
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
