Use a certificate signing request generated by third party software. When this target plugin is chosen, you will obviously not be able to select a CSR plugin as well, meaning that any customization and key selection requirements should already be met.
Note that it’s possible though not required to provide the private key to the program as well. If you do not provide the private key, the certificate as stored by the store plugins won’t be usable for server authentication. In that case you need to use an installation script or manual steps to finish the creation of a fully usable certificate.
--target csr --csrfile C:\csr.txt [--pkfile C:\key.txt]