Tags: security, ssl, ssl-certificate, csr, pkcs#12

SSL/TLS certificate | Creating a csr/cer file cross platform?


I was wondering if it makes any sense to create a CSR file on Linux, then create the associated PKCS#12 file on Linux as well, and then use it on a Windows platform? Is it something not recommended? Or not important at all?

We heard/read that it is always better to create the CSR file on the platform where the certificate will be used... Is it true? Your thoughts on that?

Thanks for sharing.


Solution

  • PKCS (Public Key Cryptography Standards) are totally platform independent. PKCS describe the syntax of messages, and platforms must (within their scope) implement them in the same way. That is, a PKCS#10 request must be interpreted identically on any supported platform (one that implements PKCS#10).

    Regarding the question itself: as was pointed out in the comments, from a security perspective your private key shall not travel between systems. If the end application for this particular certificate is hosted on Windows, then the CSR must be generated on the target machine (Windows, in the given example).

    it is always better

    I would say that in most cases it is the only right method. This is why the private key is called *private*, not "shared among many entities". The only exception is when the platform itself doesn't support key/CSR generation (some sophisticated embedded devices), where you are required to import a PKCS#12 file or upload a key pair. In all other cases you must use platform-specific tools to generate the key pair and create the CSR. On Linux you usually use openssl; on Windows you would use the certreq.exe tool.
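As an added illustration of the Linux side of that advice (this is example code, not part of the question or the answer above), the script below generates the key pair and the PKCS#10 request on the host that will serve the certificate, keeps the key file owner-only, and then checks two things a practitioner would want before sending the CSR off to a CA: that the CSR's self-signature verifies, and that the public key embedded in the CSR is the public half of the key that stayed on this machine. It assumes the openssl command-line tool is installed; the directory name and the common name "example.test" are placeholders chosen for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original Q&A): generate the private key and CSR
# locally on the target host, then confirm the CSR is consistent with the
# key that never left this machine. Requires the openssl CLI.
set -eu

# make_local_csr DIR CN
#   DIR: working directory on the target host (placeholder, created if needed)
#   CN : subject common name, e.g. the server's DNS name
make_local_csr() {
    dir="$1"
    cn="$2"
    mkdir -p "$dir"

    # Files created from here on are readable by this user only (0600).
    # Note: umask persists in the calling shell after the function returns.
    umask 077

    # 1. Key pair generated locally; server.key stays in $dir.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/server.key" 2>/dev/null

    # 2. PKCS#10 request signed with that key; only server.csr goes to the CA.
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr"

    # 3. The request's self-signature must verify (non-zero exit otherwise).
    openssl req -in "$dir/server.csr" -noout -verify >/dev/null 2>&1

    # 4. The SubjectPublicKeyInfo inside the CSR must equal the public half
    #    of the local private key; a mismatch means the CSR was not made
    #    from this key.
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null)
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey 2>/dev/null)
    [ "$key_pub" = "$csr_pub" ]
}

# key_is_private FILE
#   Succeeds only if FILE has mode 0600 (owner read/write, nobody else).
#   GNU stat uses -c '%a'; BSD/macOS stat uses -f '%Lp'; try both.
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ]
}

# Stand-alone usage: build the key and CSR under ./csr-demo and report.
if [ "${CSR_DEMO_RUN:-1}" = "1" ] && [ "$(basename "$0")" != "sh" ]; then
    make_local_csr ./csr-demo example.test && key_is_private ./csr-demo/server.key \
        && echo "CSR ./csr-demo/server.csr is ready; the key stays on this host."
fi
```

Running it leaves server.key and server.csr in the working directory; only the .csr needs to leave the machine, and the matching check in step 4 is the same one you would repeat after the CA returns the signed certificate (compare the certificate's public key against server.key before installing it). The Windows counterpart the answer mentions, certreq.exe, follows the same pattern: the key pair is created and stored on the Windows host and only the request file is exported.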