Ask a Question

Advanced Search

Alert ID : INFO1943

Last Modified : 04/19/2019

Managed PKI for SSL- Certificate Signing Request (CSR) Generation Instructions for Microsoft IIS 7


This document provides instructions for generating a Certificate Signing Request (CSR) for Microsoft IIS7. If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your private key file or your password and generate a new one, the SSL Certificate will no longer match. You will have to request a replacement SSL Certificate.
Symantec now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.0 servers running .NET 2.0 or higher.

 Watch a video demo to generate a CSR for Microsoft IIS 7

NOTE:  If you are unable to view the video player, please click here to view from the video's web page.



To generate the Certificate Signing Request CSR for Microsoft IIS 7.0, perform the following steps:

  1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. In the IIS Manager, choose your server name.
  3. In the Features pane (the middle pane), double-click the Server Certificates option located under the Security heading.

  4. To begin the process of requesting a new certificate, from the Actions pane, choose Create Certificate Request option as shown below:

  5. The first screen of the wizard asks for details regarding the new site.

  6. All the fields need to be filled in. In order to fill in this form consider:
    • Common Name: The fully-qualified domain name to which your certificate will be issued.
    • Organization: The full legal name of your company.
    • Organizational Unit: Use this field to differentiate between divisions within an organization.
    • City or Locality: Usually the city of your organization's main office, or a main office for your organization.
    • State or Province: Enter the full name of your state or province. 
      Note: Make sure the State or Province is not abbreviated (e.g. California).
    • Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
  1. Click Next to continue.
  2. The next screen of the wizard asks you to choose cryptography options. Select the default, Microsoft RSA SChannel Cryptography Provider. Select a key-bit length of 2048 or higher. 

  3. Click Next to continue.
  4. Finally, provide a filename to which to save the certificate request.  You will need the contents of this file in the next step, so make sure you know where to find it. To change the location of where you wish to save the CSR, select the box with the 3 periods next to the file name.

  5. Verify your CSR
  6. Proceed with the Enrollment. 

Once the certificate has been issued, follow the steps from this link to install the certificate on your server.