Hi thanks for the responses. I generated a new certificate request file and sent it to our certificate authority. The certificate that was returned did generate a private key properly when installed. I don't know for sure what was different between the first and second requests. The first time, I may not have checked "make private key exportable" which may or may not have made a difference.

Since a valid certificate for SSRS was generated, it seems the original process is valid for anyone looking to do the same thing.

In the case of this certificate, I put the cname as the common name and the actual server name as a subject alternative name.

ps: what I received back was a .p7b file that included the new certificate and the certificate authority root chain.