June 14 2017

Create certificate from CSR on a Microsoft Certificate Authority using command line

Do you have a Certificate Signing Request (CSR) from a device with which you need to create a certificate from a Microsoft Windows Certificate Authority?  This is actually pretty straight forward.  On a domain machine, launch a command prompt and save the CSR into a file on that machine (CSR.REQ in the example below).  Then just use the command:

certreq -submit -attrib "CertificateTemplate:WebServer" CSR.req cert.cer

You’ll get a prompt to select the issuing CA you want to use.  Substitute WebServer for whichever template you need to use.  You then have your certificate – cert.cer.