This document provides instructions for generating the Certificate Signing Request (CSR) on Internet Information Services (IIS 8). If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.
Note: To generate a CSR, a key pair will need to be created for the server. The digital certificate key pair cannot be separated. If the public/private key file or password are lost and a new one is generated, the certificate will no longer match. The certificate will need to be reissued to get a working key pair.
To generate the Certificate Signing Request (CSR) file, perform following steps:
- Start the IIS by selecting Tools > Internet Information Services (IIS) Manager.
- Select Server Certificates.
- Select Create Certificate Request on the right side.
- Complete in full all the required fields in the new page that will appear, without any abbreviation, except the country code.
- Common Name: The fully-qualified domain name to which your certificate will be issued.
- Organization: The full legal name of your company.
- Organizational Unit: Use this field to differentiate between divisions within an organization.
- City or Locality: Usually the city of your organization's main office, or a main office for your organization.
- State or Province: Enter the full name of your state or province.
Note: Make sure the State or Province is not abbreviated (e.g. California).
- Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
- Select Next.
- Select at least 2048 from the Bit Length: drop down list.
- Select Next.
- Specify the file name and location for the certificate request file.
- Select Finish.
- Copy the saved CSR when requesting a certificate including the:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
- Verify the new CSR
- Once the CSR has been created, proceed to Enrollment.
Once the certificate has been issued, follow the steps from this link to install the certificate.