Frustrated IT admin managing SSL certificates on Windows

How to export a CSR you’ve created on Windows?

2 min read.

Another thing that I run into every now and then is creating CSRs for different customer environments. Since the requests often end up being a bit complex with a lot of SANs (Subject Alternative Names), crafting them with OpenSSL (or other console tools) is a bit laborious for my liking, and I usually just end up generating the CSR in DigiCertUtil or some other UI tool.

And boom – you get a CSR you can copy-paste and send out to the customer/partner/provider.

But what if you need the file later? Or if you need the private key (as you probably will)?

Let’s take a look!


On Windows, any Certificate-Signing Requests (CSR) you’ve created should end up in your local Certificate Store (Certificates MMC snap-in). This is true even if you use some other UI than Microsoft’s Management Console (MMC) or certmgr console tool. Even when using a tool like DigiCertUtil.exe (Digicert’s quite convenient little Certificate Utility app for Windows), the CSRs (and the associated private keys) end up in the Certificate Store that you can access with MMC.

Of course, this doesn’t apply to generating a CSR with OpenSSL. OpenSSL will instead just ask you a lot of questions (or alternatively accept a confusing string of values as arguments). It’s nice, if you remember how to use it and have it installed.

But if you just want to get going quickly, you can export a .pfx -file (which in theory is a CSR with your private key) from Windows Certificate Manager easily.

So all that’s left is to figure out how to find your CSR and export it. Easy, right?


Let’s go through the steps to export that CSR.

1. Create a CSR

You can do this with DigiCertUtil.exe, or by selecting a certificate store > All Tasks > Advanced Operations > Create Custom Request.

But that’s beyond the scope of this article.

Or perhaps before the scope. Of this article, that is.

2. Navigate to your CSRs

Navigate to “Certificate Enrolment Requests” > Certificates

3. Start the export wizard

Select the CSR you want to export, click it with right mouse button > All Tasks > Export

4. Select to export the CSR with the private key

You’ll want the private key to be in the exported file, so please do select “yes” here.

5. Select the export format

In my case, I wanted to have a .pfx -file, as I could easily export the private key from it.

I selected the following options:

Ét voila! You’ll have a .pfx file with the

References and links

If you want to export the CSR from DigiCertUtil.exe instead, here’s a guide that’s pretty good:

… and if you want to export your private key from your .pfx-file, here’s how to do it:

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments