Generate a CSR for Microsoft IIS 6.0
NOTE: A key length of 2048 is required.
To generate a CSR for Microsoft IIS 6.0, perform the following steps:
An Important Message Before You Start:
By far the most common problem users have when going through this process is related to Private Keys.
If you lose or cannot access a Private Key, you cannot use the Certificate we issue to you.
To ensure this never happens, we advise that a backup of the Private Key file is made and that a note is made of the password that is used to protect the export of the Private Key.
For Microsoft WLAN environments the certificate can be requested in IIS and moved to Microsoft IAS.
To generate a CSR in Microsoft IIS 6.0 follow the instructions below:
Start the Key/CSR Generation Process:
1. Open the Internet Services Manager Start
> Administrative Tools
> Internet Services Manager (IIS) Manager
on the Web site
you would like to create the Key/CSR pair for.
3. Click Properties
4. Click the Directory Security
5. Under the Secure Communications
section, click Server Certificate
6. This will start the Web Site Certificate Wizard
. Click Next
7. From the Web Site Certificate Wizard, click the Create a new Certificate
8. Click Prepare the request now, but send it later
option from the list.
You will need to prepare the request now but will only submit the request (CSR) via our online request forms. We do not accept CSR's via email.
9. Enter a name
for the Certificate and select a key bit length
of the Key file.
At this point you will decide what encryption strength your Private Key and CSR will be set at.
A key length of 2048 is required
This information will be displayed on your Certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.
Do not use any of the following characters: [ ! @ # $ % ^ * ( ) ~ ? > < & / \ , " ' ]
10. Enter your Organization
and Organizational Unit
11. Enter your Common Name
The term "common name" is X.509 "speak" for the name that distinguishes the Certificate best, and ties it to your Organization.
In the case of SSL Web Server Certificates, enter your exact host and domain name that you wish to secure.
Example: If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name in this field.
If you enter mydomain.com then the Certificate issued to you will only work error free on that exact domain name.
It will cause an error when you or your users access the domain name as www.mydomain.com
12. Enter the geographical details
of your Organization.
13. The wizard will now want to create and save the CSR file. Click Browse
and select a location to save the CSR file. Enter a name for the file and click Next
14. The next page will display the summary of the Certificate you want to submit for enrollment.
15. Click Finish
to complete the Web Server Certificate Wizard
16. Finish and exit IIS Certificate Wizard.
A CSR file has been generated. To copy and paste the information into the enrollment form, open the file in a plain text editor such as Notepad.
NOTE: Upon completing the Certificate Wizard, it is important to leave the request pending for successful certificate installation. Choosing the option to delete the pending request from the Certificate Wizard will prevent installation of the certificate that is returned.