问题
I need SSL cert for a web site but CA did not accept my CSR and told me, that is SHA1 algorithm and you should send SHA2 based CSR file. How can I create SHA2 CSR file for IIS web site on windows 2012R2 ?
回答1:
I had same problem and this helped me: http://day.ir/en-us/articles/ssl/create-csr-sha2-algorithm
SHA2 CSR
*RUN > MMC > FIle> Add Remove Snap -In... > Certificates > Add
*Select Certificates from left panel and click Add button
*click on Add button Certificate Snap-in window will pop-up. Select Computer account > Next
*In Select Computer window select Local Computer(the computer this console is running on) >Finish
*in Add or Remove Snap-ins window select added Certificates snap-in and press OK
*Under Console Root select Personal> Certificates(right click)> All Tasks> Advanced Operations> Create custom request.
*Select Proceed without enrollment policy on Select Certificate Enrollment Policy page> Next
*in Custom request windows select (No Template)CNG key and PKCS#10 format and select Next
*In Certificate Information page select Details to expand box
*After clicking Details properties will appear select it.
*In Certificate Properties > General tab for friendly name add domain you need SSL for that for example if you are creating CSR for www.day.ir type this on Description and friendly name.
*Common name: CN is your domain name
**in Private Key tab select Key Options and change Key size to 2048 or bigger.On Select Hash Algorithm change Hash Algorithm to sha256 click OK and Next.
Selecting Make private key exportable will help to backup installed certificate in future for move to new server or any problem
来源:https://stackoverflow.com/questions/38802868/how-can-i-make-sha2-csr-file-for-iis-web-site-on-windows-2012r2