Knowledge Base

How to generate a 2048-bit key and CSR for S/MIME in OpenSSL

Solution ID : SO250821212507

Last Modified : 10/21/2023

Download and install OpenSSL for windows.

Note: We cannot support you on downloading or installing OpenSSL.
However OpenSSL will usually install in this directory C:\OpenSSL-Win32\bin
Run openssl.exe in the command prompt.
Run command:

openssl req -new -newkey rsa:2048 -nodes -out yourfilename.csr -keyout yourfilename.key

Note: yourfilename.csr and yourfilename.key you can edit to be more specific file names that you want to use.
Try our OpenSSL CSR Wizard

Fill in the following details:

Field	Example Value
Common Name	youremail@example.com
Organization Name	DigiCert, Inc.
Department	IT (Any department within your organization)
City	Lehi (Legally registered City)
State/Province	Utah
Country	US (Two-digit country code)
Email Address	youremail@example.com
Challenge Password	tesT123 (This will be used to create the .pfx file or import the .pfx file.)
Key size	2048, 3072, or 4096

Open the CSR file in TXT Editor like Notepad or Word pad.
Include the test into your order.
Download the Primary CS cert and its intermediate. You will need to save a copy of both files in the same directory where you are running the openssl.exe file.
Concatenate the files using this command to make a .pfx file.

openssl pkcs12 -export -out Newcscertificate.pfx -inkey yourfilename.key -in newcs.crt -certfile CA.crt

To import a .pfx file into the local Personal certificate store, do the following:

Start Windows Explorer and select and hold (or right-click) the .pfx file, then select Open to open the Certificate Import Wizard.
Follow the procedure in the Certificate Import Wizard to import the code-signing certificate into the personal certificate store.
The certificate and private key are now available for to use.

Related Articles

Generate a CSR via MMC certificate snap-in using Windows