Install openssl on a computer and make sure it's included in system variable's path
Create INI file (yourfile.ini) with following details :
[ req ] default_bits=2048 prompt=no default_md=sha256 distinguished_name=dn req_extensions=req_ext [ dn ] C=LU ST=Luxembourg L=Luxembourg O=YourCompany CN=yourserver.yourcompany.local [ req_ext ] subjectAltName=@alt_names [ alt_names ] DNS.1=yourserver.yourcompany.com DNS.2=www.yourserver.com
Open a cmd prompt and type the following command:
openssl req -new -nodes -newkey rsa:2048 -keyout key.key -config yourfile.cnf -out certreq.csr
This will create 2 files :
key.key
certreq.csr
Open the webpage of your CA : https://yourserver.yourcompany.local/certsrv
Chose Request a certificate
Click on advanced certificate request
Copy the content of the csr file created before in the Saved request box
Select the WebServer template and click Submit
You will then be able to download the Certificate as CER file and the Certificate chain as P7B
If you need to change the CER file to PFX you can do the following:
First transform the CER to PEM
openssl x509 -inform DER -in certificate.cer -out certificate.pemInclude then PEM with key to make PFX
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.pem