hi @munrobasher
You can obtain without a CSR created by windows
There is also certify (google search it) and letsencrypt-winsimple which are popular clients
These clients will do the CSR for you and will install the certificates in the stores that you need and even configure IIS bindings (in the case of letsencrypt-winsimple and certify)
Andrei