Below are the steps to create a standalone certificate request from the TMG 2010 server in order to generate a CSR for a Public CA.
- Open Certificate MMC
- Expand Personal > Certificates
- Right – Click Certificates then All Tasks then Advanced Operations Then Create Custom Request
- Select Next
- Select Proceed without enrollment policy
- Select No template legacy Key
- Select Properties
- Enter a friendly name
- On the Subject tab enter the Common Name and Alternative names
- On the extensions tab under Key Usage choose Digital Signature and Key encipherment
- Under extended key usage choose Server Authentication and Client Authentication
- Under the private key tab under key options choose key size and select 2048 and select private key exportable
- Under Key type choose Exchange and ensure that the key size above is set to 2048
- Select OK, Choose path to save and provide the CSR to a Public CA and then import into the Personal store.