Certificate Signing Request (CSR) Generation Instructions for Microsoft IIS 7
This document provides instructions for generating a Certificate Signing Request (CSR) for Microsoft IIS7. If unable to use these instructions for the server, Symantec recommends contacting Microsoft.
NOTE: To generate a CSR, a key pair will need to be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key are lost and a new one is generated, your SSL Certificate will no longer match. The certificate will need to be replaced from the Trust Center account.
Symantec now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.0 servers running .NET 2.0 or higher.
Watch Symantec's Tutorial Videos for a more visual experience!
Note: If unable to view the video player, please click here to view from the video's web page.
To generate the Certificate Signing Request CSR for Microsoft IIS 7.0, perform the following steps:
NOTE: All certificates must have a keysize of 2048 bit or greater.
Choose Start > Administrative Tools > Internet Information Services (IIS) Manager.
In the IIS Manager, choose your server name.
In the Features pane (the middle pane), double-click the Server Certificates option located under the Security heading.
To begin the process of requesting a new certificate, from the Actions pane, choose Create Certificate Request option as shown below:
The first screen of the wizard asks for details regarding the new site:
All the fields need to be filled in. In order to fill in this form consider:
Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.symantec.com" or "symantec.com".
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
Organizational Unit (OU): This field is the name of the department or organization unit making the request.
Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
NOTE: Symantec certificates can only be used on web servers using the Common Name or SAN specified during enrollment. For example, a certificate for the domain "symantec.com" will receive a warning if accessing a site named "www.symantec.com" or "secure.symantec.com", because "www.symantec.com" and "secure.symantec.com" are different from "symantec.com".
Click Next to continue.
The next screen of the wizard asks you to choose cryptography options. The default, Microsoft RSA SChannel Cryptography Provider is fine. Select a key-bit length of 2048.
Click Next to continue.
Finally, provide a filename to which to save the certificate request. The contents of the CSR file are needed in the next step, so make sure the file location is known. To change the location of where you wish to save the CSR, select the box with the 3 periods next to the file name.
NOTE: During the enrollment open the file created from the above steps and copy the contents into the enrollment form when requested for the CSR.
During the verification process, Symantec may need to contact your organization. Be sure to provide an email address, phone number and fax number that will be checked and responded to quickly. These fields are not part of the certificate.