diff --git a/certy.ps1 b/certy.ps1
index b7c2840..817a720 100644
--- a/certy.ps1
+++ b/certy.ps1
@@ -254,9 +254,14 @@ function Get-InfRequestFromLines {
         if ($line.TrimStart() -match '^[;#]') { continue }
 
         if (-not $commonName -and ($line -match '(?i)^\s*subject\s*=\s*"?([^"]+)"?')) {
-            $subject = $Matches[1]
-            if ($subject -match '(?i)\bCN\s*=\s*([^,"]+)') {
-                $commonName = $Matches[1].Trim()
+            $subject = $Matches[1].Trim()
+            $subject = $subject.Trim('"')
+            $tokens = $subject -split '\s*[;,]\s*' | Where-Object { $_ }
+            foreach ($token in $tokens) {
+                if ($token -match '(?i)^\s*CN\s*=\s*(.+)$') {
+                    $commonName = $Matches[1].Trim()
+                    break
+                }
             }
         }
 
@@ -1236,6 +1241,32 @@ function Update-InfCsrUI {
     $enabled = $infCsrOnlyBox.Checked
     $infCsrOutputLabel.Enabled = $enabled
     $infCsrOutputBox.Enabled = $enabled
+
+    $inputEnabled = -not $enabled
+    $hostsBox.Enabled = $inputEnabled
+    $fileBox.Enabled = $inputEnabled
+    $browseBtn.Enabled = $inputEnabled
+    $filePreviewBtn.Enabled = $inputEnabled
+    $filePreviewBox.Enabled = $inputEnabled
+    $csrFolderBox.Enabled = $inputEnabled
+    $csrBrowseBtn.Enabled = $inputEnabled
+    $csrImportBtn.Enabled = $inputEnabled
+    $useFqdnBox.Enabled = $inputEnabled
+
+    $zoneBox.Enabled = $inputEnabled
+    $ipBox.Enabled = $inputEnabled
+    $ipRefreshBtn.Enabled = $inputEnabled
+    $dnsServerBox.Enabled = $inputEnabled
+    $dnsScanBtn.Enabled = $inputEnabled
+    $dnsListBox.Enabled = $inputEnabled
+    $replicationTargetsBox.Enabled = $inputEnabled
+    $replicationFromSelectedBtn.Enabled = $inputEnabled
+    $primaryFromSelectedBtn.Enabled = $inputEnabled
+    $replicationCmdBox.Enabled = $inputEnabled
+    $replicationDelayBox.Enabled = $inputEnabled
+    $replicationRemoteBox.Enabled = $inputEnabled
+    $replicationCredBtn.Enabled = $inputEnabled
+    $replicationEnabledBox.Enabled = $inputEnabled
 }
 
 Update-InfCsrUI
@@ -1474,7 +1505,7 @@ $infImportBtn.Add_Click({
         if (-not $folder) { throw "INF folder is empty." }
         if (-not (Test-Path -Path $folder -PathType Container)) { throw "INF folder not found: $folder" }
 
-        $infFiles = Get-ChildItem -Path $folder -Filter *.inf -File -Recurse
+        $infFiles = @(Get-ChildItem -Path $folder -Filter *.inf -File -Recurse)
         if (-not $infFiles) {
             & $logAction "No INF files found in $folder"
             return
@@ -1665,6 +1696,32 @@ $clearBtn.Add_Click({
 $runBtn.Add_Click({
     $runBtn.Enabled = $false
     try {
+        if ($infCsrOnlyBox.Checked) {
+            if (-not $script:infRequests -or $script:infRequests.Count -eq 0) {
+                throw "INF CSR generation enabled, but no INF files were imported."
+            }
+            $csrOutputDir = $infCsrOutputBox.Text.Trim()
+            if (-not $csrOutputDir) { throw "CSR output folder is required." }
+            if (-not (Test-Path -Path $csrOutputDir -PathType Container)) {
+                New-Item -Path $csrOutputDir -ItemType Directory -Force | Out-Null
+            }
+            foreach ($req in $script:infRequests) {
+                $baseName = [System.IO.Path]::GetFileNameWithoutExtension($req.File)
+                $csrPath = Join-Path $csrOutputDir ($baseName + ".req")
+                if (Test-Path -Path $csrPath) {
+                    $csrPath = Join-Path $csrOutputDir ($baseName + "-" + (Get-Date -Format "yyyyMMddHHmmss") + ".req")
+                }
+                $infPath = if ($req.CsrInf) { $req.CsrInf } else { $req.File }
+                & $logAction "Generating CSR from $([System.IO.Path]::GetFileName($infPath)) -> $csrPath"
+                $output = & certreq.exe -new $infPath $csrPath 2>&1
+                foreach ($line in $output) {
+                    & $logAction $line
+                }
+            }
+            & $logAction "Done."
+            return
+        }
+
         $hosts = @()
         $hosts += Split-List $hostsBox.Text
 
@@ -1760,29 +1817,7 @@ $runBtn.Add_Click({
             & $logAction "Replication disabled."
         }
 
-        if ($infCsrOnlyBox.Checked) {
-            if (-not $script:infRequests -or $script:infRequests.Count -eq 0) {
-                throw "INF CSR generation enabled, but no INF files were imported."
-            }
-            $csrOutputDir = $infCsrOutputBox.Text.Trim()
-            if (-not $csrOutputDir) { throw "CSR output folder is required." }
-            if (-not (Test-Path -Path $csrOutputDir -PathType Container)) {
-                New-Item -Path $csrOutputDir -ItemType Directory -Force | Out-Null
-            }
-            foreach ($req in $script:infRequests) {
-                $baseName = [System.IO.Path]::GetFileNameWithoutExtension($req.File)
-                $csrPath = Join-Path $csrOutputDir ($baseName + ".req")
-                if (Test-Path -Path $csrPath) {
-                    $csrPath = Join-Path $csrOutputDir ($baseName + "-" + (Get-Date -Format "yyyyMMddHHmmss") + ".req")
-                }
-                $infPath = if ($req.CsrInf) { $req.CsrInf } else { $req.File }
-                & $logAction "Generating CSR from $([System.IO.Path]::GetFileName($infPath)) -> $csrPath"
-                $output = & certreq.exe -new $infPath $csrPath 2>&1
-                foreach ($line in $output) {
-                    & $logAction $line
-                }
-            }
-        } elseif ($disableCertsBox.Checked) {
+        if ($disableCertsBox.Checked) {
             & $logAction "Cert generation disabled; DNS updates/replication only."
         } else {
             $wacsPath = $wacsPathBox.Text.Trim()