  1. In CertManager, expand 'Certificates (Local Computer)', 'Personal' and 'Certificates' folders
  2. Right click, choose 'All Tasks', choose 'Advanced Operations' and 'Create Custom Request'
  3. On the 'Select Certificate Enrolment Policy' page, choose 'Proceed without enrolment policy'
  4. On the 'Custom request' page, ensure that 'Template' is set to '(No template) CNG key' and that 'Request format' is set to 'PKCS #10', then hit 'Next'.
  5. On the 'Certificate Information' page, click the drop down for 'Details' and then 'Properties'
  6. On the 'General' tab, enter the 'Friendly name:' as 'HTTPS certificate for idp.example.ac.uk'
  7. On the 'Subject' tab, under 'Subject name' select Type: 'Common name' and enter value 'idp.example.ac.uk'. Repeat this for each of the following:
    1. Country – C (country) i.e. GB
    2. Email – E (a contact e-mail address) e.g. it@example.ac.uk
    3. Locality – L (town / city) e.g. Example City
    4. Organization – O (Organization Name) e.g. Example University
    5. State – S (County) e.g. Example
  8. On the 'Subject' tab, under 'Alternative name' select Type: 'DNS' and enter value 'idp.example.ac.uk'. You may wish to repeat this step for any additional SubjectAlternativeNames that are required.
  9. On the 'Private Key' tab:
    1. under 'Cryptographic Service provider' ensure that 'RSA,Microsoft Software Key Storage Provider' is selected
    2. under 'Key options' set the 'Key size:' to at least '2048', choose 'Make private key exportable'
    3. under 'Select Hash Algorithm' set the Hash Algorithm to 'SHA256'
    4. Click OK to close the Certificate Properties dialogue.
  10. On the 'Certificate Information' page click 'Next'
  11. Enter a filename for the certificate request, e.g. idp.example.ac.uk, ensure that 'Base64' is ticked, and save.
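
The same request can be produced without the GUI using certreq.exe and an INF file, then checked with certutil before it is sent to the CA. This is an added example, not part of the original instructions; it assumes an elevated PowerShell prompt, the file names shown, and English-language certutil output labels.

```powershell
# Added example: scripted equivalent of steps 1-11 using certreq.exe.
# Run elevated: MachineKeySet = TRUE places the key in the Local Computer store.
$name = 'idp.example.ac.uk'          # same example hostname as the steps above
$inf  = Join-Path $PWD "$name.inf"   # file names are assumptions for this example
$req  = Join-Path $PWD "$name.req"

# Single-quoted here-string so that "$Windows NT$" is written literally.
$template = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Step 7: subject fields
Subject = "CN=idp.example.ac.uk, O=Example University, L=Example City, S=Example, C=GB, E=it@example.ac.uk"
; Step 6: friendly name
FriendlyName = "HTTPS certificate for idp.example.ac.uk"
; Step 4: PKCS #10 request
RequestType = PKCS10
; Step 9.1: CNG software key storage provider, RSA
ProviderName = "Microsoft Software Key Storage Provider"
KeyAlgorithm = RSA
; Step 9.2: key size and exportable private key
KeyLength = 2048
Exportable = TRUE
; Step 9.3: request signature hash
HashAlgorithm = SHA256
MachineKeySet = TRUE

[Extensions]
; Step 8: subjectAltName (OID 2.5.29.17); add one dns= line per extra name
2.5.29.17 = "{text}"
_continue_ = "dns=idp.example.ac.uk&"
'@
Set-Content -Path $inf -Value $template -Encoding ASCII

# Generate the key pair and write the Base64 PKCS #10 request (step 11).
certreq.exe -new $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Check the request before submission: key length, signature hash and SAN entries.
$dump = certutil.exe -dump $req
$dump | Select-String -Pattern 'Public Key Length', 'sha256', 'DNS Name='
```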