First things first: Windows XP is no longer supported by Microsoft and you shouldn't be using it in 2017! Our primary recommendation here is to upgrade your OS to a current version. If that's not possible though, our certificates will work on Windows XP provided the following conditions are true:
For Windows XP to use any current HTTPS certificate, it needs the correct updates to recognise SHA-2 certificates. Install the relevant updates from Windows Update, or see Microsoft's page on the SHA-2 update for more information.
There are two common key formats: RSA and ECC (also called ECDSA). ECC is stronger; RSA is older and weaker but works with older operating systems.
Our default browser-based (webcrypto) CSR creation tools automatically make RSA keys for maximum compatibility, so you don't need to do anything for XP support.
Our server-based key creation commands make ECC keys, which are faster and stronger than RSA keys, but aren't supported by Windows XP and old versions of macOS (10.9 and prior).
To support XP, just make an RSA keypair.
You'll have a new certificate that supports XP and older macOS devices a few minutes later.
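One way to make an RSA keypair and CSR on a server and confirm which key type a CSR carries before submitting it. This is an added example, not our own key creation command; it assumes OpenSSL is installed, and the 2048-bit key size, the P-256 curve, the function names and the example.com hostname are illustrative choices.

```shell
#!/bin/sh
# Added example, not the CA's own key-creation command.
# Assumptions: OpenSSL installed; 2048-bit RSA; example.com is a placeholder.

# Create an RSA private key and a SHA-256-signed CSR.
# usage: make_rsa_csr <hostname> <key-file> <csr-file>
make_rsa_csr() {
    ( umask 077   # keep the private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null )
}

# Create an ECC (P-256) key and CSR, for comparison with the RSA one.
make_ecc_csr() {
    ( umask 077
      openssl ecparam -genkey -name prime256v1 -noout -out "$2" 2>/dev/null &&
      openssl req -new -key "$2" -sha256 -subj "/CN=$1" -out "$3" 2>/dev/null )
}

# Print "rsa", "ecc" or "unknown" for the public key inside a CSR.
csr_key_type() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || { echo unknown; return 1; }
    case "$text" in
        *"Public Key Algorithm: rsaEncryption"*)  echo rsa ;;
        *"Public Key Algorithm: id-ecPublicKey"*) echo ecc ;;
        *) echo unknown ;;
    esac
}

# Succeed only for an RSA CSR, the key type XP and macOS 10.9 clients need.
csr_supports_legacy_clients() {
    [ "$(csr_key_type "$1")" = rsa ]
}

# Demo in a throwaway directory.
tmp=$(mktemp -d)
make_rsa_csr example.com "$tmp/rsa.key" "$tmp/rsa.csr"
make_ecc_csr example.com "$tmp/ecc.key" "$tmp/ecc.csr"
echo "RSA CSR: $(csr_key_type "$tmp/rsa.csr"); ECC CSR: $(csr_key_type "$tmp/ecc.csr")"
rm -rf "$tmp"
```

Running csr_supports_legacy_clients on an existing CSR is a quick pre-submission check when the certificate has to work for XP or macOS 10.9 clients.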
While macOS 10.10 (Yosemite), 10.11 (El Capitan), 10.12 (Sierra) and 10.13 (High Sierra) support ECC certificates out of the box, macOS 10.9 (Mavericks) and older releases have some issues in their ECC implementation that are fixed by upgrading macOS. You can do this for free in the Mac App Store.
If you need to support 10.9 clients, it's no problem: just make an RSA certificate using the same instructions as for Windows XP above.