Creating custom certificate requests for Security Center

Security Center Administrator Guide 5.12

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.12
Last updated: 2025-04-16

Custom certificate requests must be created with specific parameters in order to work with Security Center. All certificate requests must be made from the server where the certificate is going to be applied.

Before you begin

Custom certificates must conform to the following parameters. If they don’t, you could encounter errors when trying to import and use the certificate on a Security Center server or workstation.
Certificate type: X.509
Hashing algorithm: SHA-256
Private key length: 2048 bits minimum
Common name: The Common name must be one of the following:
  • The fully qualified domain name (FQDN) of the server – for example, myserver1.mycompany.com
  • A wildcard plus the server domain name – for example, *.mycompany.com
  • The server host name only – for example, myserver1
Export format: PKCS #12 (*.pfx)

Procedure

  1. On your main server, start Microsoft Management Console (mmc.exe) and add the Certificates snap-in.
    1. In the Console window, click File > Add/Remove Snap-in.
    2. In the Add or Remove Snap-ins dialog box that appears, click Certificates and then click Add.
    3. In the Certificates snap-in dialog box, click Computer account > Next > Finish > OK.
  2. In the Console window, expand Certificates.
  3. Under Certificates (Local Computer), right-click Personal, and then click All Tasks > Advanced Operations > Create Custom Request.
  4. In the Certificate Enrollment dialog box, click Next > Proceed without enrollment policy > Next.
  5. In the Custom request page, select the options as shown below.
    IMPORTANT: For Template, select Legacy key. The default choice, CNG key, isn’t supported by .NET Framework 4.8, which is what Security Center uses.
  6. Click Next.
  7. In the Certificate Information page, expand Details, and click Properties.
  8. In the Certificate Properties dialog box, click the Subject tab, and enter the value of Common name under the Subject name.
  9. Click the Extensions tab, and set the following properties.
    Key Usage: Add Digital signature and Key agreement.
    Extended Key Usage: Add Server Authentication and Client Authentication.
  10. Click the Private Key tab, and set the following properties.
    Key Type: Select Exchange. This property must be set up first.
    Cryptographic Service Provider: Select only Microsoft RSA SChannel Cryptographic Provider (Encryption). It’s the last option in the list.
    Key Options: The Key size should be at least 2048.
  11. Click Apply > OK > Next.
  12. Enter the File Name and click Finish.

After you finish

Send the request (.csr) to your IT department or the external certificate authority (CA) for processing. Once the certificate has been generated, import and apply it to your server.
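
One way to check the issued certificate against the parameters listed under "Before you begin" once it is in the Local Computer > Personal store. This is an added example, not part of the Security Center guide or Genetec code; the function name Test-CustomCertificate is hypothetical, and it assumes an elevated Windows PowerShell 5.1 session and an RSA certificate.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example, not vendor code. Test-CustomCertificate is a hypothetical name.
# Assumes Windows PowerShell 5.1 (elevated) and an RSA certificate in Cert:\LocalMachine\My.
function Test-CustomCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $ExpectedName   # FQDN, *.domain, or host name
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $issues = [System.Collections.Generic.List[string]]::new()

    # Hashing algorithm: SHA-256 (Windows reports it as, for example, "sha256RSA")
    $alg = $cert.SignatureAlgorithm.FriendlyName
    if ($alg -notmatch 'sha256') { $issues.Add("Signature algorithm is $alg, expected SHA-256") }

    # Private key length: 2048 bits minimum
    $bits = $cert.PublicKey.Key.KeySize
    if ($bits -lt 2048) { $issues.Add("Key size is $bits bits, expected at least 2048") }

    # Common name: must equal the FQDN, wildcard name, or host name used in the request
    $cn = $cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $ExpectedName) { $issues.Add("Common name is '$cn', expected '$ExpectedName'") }

    # Key Usage: Digital signature and Key agreement (a missing extension also fails)
    $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    foreach ($flag in 'DigitalSignature', 'KeyAgreement') {
        if (-not ($ku.KeyUsages -band [X509KeyUsageFlags]::$flag)) { $issues.Add("Key Usage is missing $flag") }
    }

    # Extended Key Usage: Server Authentication and Client Authentication
    $eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $required = @{ '1.3.6.1.5.5.7.3.1' = 'Server Authentication'; '1.3.6.1.5.5.7.3.2' = 'Client Authentication' }
    foreach ($oid in $required.Keys) {
        if ($oids -notcontains $oid) { $issues.Add("Extended Key Usage is missing $($required[$oid])") }
    }

    # Private key: a Legacy (CSP) key surfaces as RSACryptoServiceProvider; a CNG key does not
    try { $key = $cert.PrivateKey } catch { $key = $null }
    if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $issues.Add('Private key is missing or is not a legacy (CSP) key')
    } else {
        $info = $key.CspKeyContainerInfo
        if ($info.ProviderName -ne 'Microsoft RSA SChannel Cryptographic Provider') { $issues.Add("Provider is '$($info.ProviderName)'") }
        if ($info.KeyNumber -ne 'Exchange') { $issues.Add("Key Type is $($info.KeyNumber), expected Exchange") }
    }
    $issues   # no output means every check passed
}
```

Call it as `Test-CustomCertificate -Thumbprint '<thumbprint>' -ExpectedName 'myserver1.mycompany.com'`, replacing the placeholder thumbprint with the value shown for your certificate; each returned line names a parameter that does not match this page.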