How to generate Certificate with Custom Options from CA Server


This article is apart of Service Fabric installation topics. Check out the topic here for Install
a Secured Service Fabric with Certficates
and Install a Secured Service Fabric with gMSA.

The following steps will show you how to generate a certificate with a custom option from CA server. Here I
generated a certificate with:

    • Common name:
    • Friendly name:
    • Description:
    • Template: Web Server
    • Extensions: Server Authentication, Client Authentication
    • Private Key: Exportable

I. Create Certificate Request

Open Microsoft Management Console (Start -> Run -> MMC) and then add Certificates and
Certification Authority Snap-in to Local Machine.

1. The Microsoft Management Console 2. Under Certificates\Personal: Right click and select Create Custom Request.
MMC-LocalMachine Custom-Request
3. On the template screen, select Web Server and Request format is PKCS #10. 4. There is a Properties button under Details section on next screen.
Custom-Request-Template Custom-Request-WebServer

Click Properties button and fulling up a few following information:

1. Subject 2. General
Subject General
Provides the CN and DNS Provides the friendly name and description
3.Extenrions (*) 4. Key Options
Extentions Key Options
Ensure the above Authentications are selected. Make private key exportable

The step 3 above is an important step which a allow users using this certification as Client authentication
to access to the servers.

Click Next and save the Certificate request to a file.


After this step, The request file is saved to the desktop folder. The next steps will show how to generate a new
certificate from that requested file.

II. Generate Certificate

    1. Right click on CA server name under Certification Authority and select Submit new request…


2. Import the file have been created on previous steps. 3. CA server will create a new cert and allows to save it back as a file.
Import-File Save-Cert

After this step, The certificate is saved to the desktop folder. Bellow steps are showing how to generate the
PFX file.

III. Export to PFX file.

    1. Go back to Certificates and import the Cert file from step II into Personal.


        1. The cert should be displayed as above with expected information.


            1. Exporting the certificate to a PFX file. Export-Cert

Congratulations, You are successfully generated the certificates with custom options and exported to the PFX

Also published on Medium.

Author: Duy Hoang

Leran what, share that

Leave a Reply