Custom certificate requests must be created with specific parameters in order to work with Security Center. All certificate requests must be made from the server where the certificate is going to be applied.
Creating custom certificate requests should be your last resort. There are many simpler alternatives for requesting a certificate for your server. For example, you could enroll a certificate from a certificate template of your company's Active Directory domain. For more information, see Request Certificates by Using the Certificate Request Wizard on the Microsoft TechNet Library.
What you should know
On your main server, start Microsoft Management Console (mmc.exe) and add the
- In the Console window, click .
- In the Add or Remove Snap-ins dialog box that appears, click Certificates, then click Add >.
- In the Certificates snap-in dialog box, click .
- In the Console window, expand Certificates.
- Under Certificates (Local Computer), right-click Personal, and then click .
- In the Certificate Enrollment dialog box, click .
In the Custom request page, select the options as shown
IMPORTANT: For Template, select Legacy key. The default choice, CNG key, is not supported by .NET Framework 4.5, which is what Security Center uses.
- Click Next.
In the Certificate Information page, expand Details, and click Properties.
In the Certificate Properties dialog box, click the Subject tab, and enter the value of Common name under the Subject name.
IMPORTANT: The Common name must match the fully qualified domain name of the server. For example, if the hostname of your server is server1, and your domain is mycompany.com, then the fully qualified domain name for your server would be server1.mycompany.com.
Click the Extensions tab, and set the following:
- Key Usage: Add Digital signature and Key agreement.
- Extended Key Usage: Add Server Authentication and Client Authentication.
Click the Private Key tab, and set the following:
- Key Type: Select Exchange. This must be set up first.
- Cryptographic Service Provider: Select only Microsoft RSA SChannel Cryptographic Provider (Encryption). It is the last option in the list.
- Key Options: The Key size should be at least 2048.
- Click .
- Enter the File Name and click Finish.
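Once the certificate issued from this request is installed, the settings listed above can be checked from PowerShell. The following is an added example, not part of the original procedure or the product's own tooling; the function name `Test-ServerCertificate` is hypothetical, and it assumes Windows PowerShell 5.1 and a certificate in the Local Computer Personal store.

```powershell
# Added example, not vendor code. Assumes Windows PowerShell 5.1 (.NET Framework), run
# elevated on the server once the issued certificate is installed in LocalMachine\My.
function Test-ServerCertificate {
    param([Parameter(Mandatory)] [string] $Thumbprint)

    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # Fully qualified domain name: host name plus the machine's DNS domain.
    $ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $fqdn = ('{0}.{1}' -f $ip.HostName, $ip.DomainName).TrimEnd('.')
    $cn   = $cert.GetNameInfo('SimpleName', $false)

    # Typed extension objects carry the Key Usage and Extended Key Usage values.
    $ku  = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $wantKu  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyAgreement'
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

    # On .NET Framework the PrivateKey getter throws for a CNG-backed key, so a
    # failure here means the request was not made with the Legacy key template.
    $csp = $null
    try { $csp = $cert.PrivateKey.CspKeyContainerInfo } catch { }

    $checks = [ordered]@{
        'Common name matches FQDN'             = $cn -eq $fqdn
        'Key usage: signature + key agreement' = ($ku.KeyUsages -band $wantKu) -eq $wantKu
        'EKU: server + client authentication'  = ($ekuOids -contains '1.3.6.1.5.5.7.3.1') -and
                                                 ($ekuOids -contains '1.3.6.1.5.5.7.3.2')
        'Legacy (CSP) private key present'     = $null -ne $csp
        'Key type is Exchange'                 = $csp.KeyNumber -eq [System.Security.Cryptography.KeyNumber]::Exchange
        # The "(Encryption)" suffix shown in the dialog is not part of the provider name.
        'Provider is RSA SChannel'             = $csp.ProviderName -eq 'Microsoft RSA SChannel Cryptographic Provider'
        'Key size at least 2048'               = $cert.PublicKey.Key.KeySize -ge 2048
    }

    # One row per requirement so a failed setting is easy to spot.
    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
    }
}

# Usage (the thumbprint is a placeholder): Test-ServerCertificate -Thumbprint '<THUMBPRINT>'
```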