Generating a Certificate Signing Request (CSR) - Microsoft Internet Information Services 4.x
Print this Article
Comment on this Article
Last Updated:
October 26, 2009 3:17 PM
Follow the below instructions to generate a CSR for your website. After generating your CSR, cut/copy and paste it into the CSR field on the SSL certificate-request page.
NOTE: You must have Service Pack 4 or higher, or MS Internet Explorer 5 and higher installed.
To Generate and Submit the Certificate Signing Request (CSR)
- Open the Microsoft Management Console (MMC) for IIS (available in the Windows NT 4.0 Option Pack > Microsoft Internet Information Server > Internet Service Manager.
- In the MMC, open the Internet Information Server folder and expand the computer name.
- Open the properties window for the website the CSR is for - usually the "Default website." Right click on the website and click Properties.
- Open Directory Security Folder.
- In the Secure Communications area, open the Key Manager. Go to the Key menu and select Create New Key.
- Select Put the request in a file that you will send to an authority.
- Enter a file and path in the text box. Example: C:\NewKeyRq.txt.
- Click Next.
- Enter your key name as specified in the previous step. Enter and confirm a password. Warning: If you lose the password, you must purchase another certificate.
- Enter the Distinguished Name field information. The following characters cannot be accepted:
< > ~ ! @ # $ % ^ * / \ ( ) ? &. - Complete the Distinguished Name Fields:
- Organization - The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor's name in the "Organization" field, and the DBA (doing business as) name in the "Organizational Unit" field.
- Organizational Unit - Optional. Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
-
Common Name - The Common Name is the fully qualified domain name - or URL - for which you plan to use your Certificate, e.g., the area of your site you wish customers to connect to using SSL. For example, an SSL certificate issued for "www.yourcompanyname.com" will not be valid for "secure.yourcompanyname.com." If the Web address to be used for SSL is "secure.yourcompanyname.com," ensure that the common name submitted in the CSR is "secure.yourcompanyname.com."
NOTE: If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., "*.coolexample.com" or "www*.coolexample.com"). This will secure all subdomains of the Common Name.
- Country - The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
- State/Province Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
- City/Locality - Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
- Enter your Administrator contact information.
- Fill out the appropriate contact information and click Finish.
- Key Manager will display a key icon under the WWW icon with a red slash through it indicating it is not complete.
- Choose the Computers menu and select Exit. Choose Yes when asked to commit changes.
- Using a plain-text editor, such as Windows Notepad, copy and paste the CSR into our online enrollment form.
NOTE: Remember to back up your key pair file.
