Ask a Question

Solution ID : SO2657

Generate a CSR for Microsoft IIS 6.0

Solution

Generate a CSR for Microsoft IIS 6.0

NOTE: A key length of 2048 is required.
 
To generate a CSR for Microsoft IIS 6.0, perform the following steps: 
An Important Message Before You Start:

By far the most common problem users have when going through this process is related to Private Keys.

If you lose or cannot access a Private Key, you cannot use the Certificate we issue to you.

To ensure this never happens, we advise that a backup of the Private Key file is made and that a note is made of the password that is used to protect the export of the Private Key.
 
For Microsoft WLAN environments the certificate can be requested in IIS and moved to Microsoft IAS.
 
To generate a CSR in Microsoft IIS 6.0 follow the instructions below: 
 
Start the Key/CSR Generation Process:

1. Open the Internet Services Manager  Start > Programs > Administrative Tools > Internet Services Manager (IIS) Manager
2. Right-click on the Web site you would like to create the Key/CSR pair for.



3. Click Properties.

4. Click the Directory Security tab.

5. Under the Secure Communications section, click Server Certificate



6. This will start the Web Site Certificate Wizard.  Click Next.

7. From the Web Site Certificate Wizard, click the Create a new Certificate option.



8. Click Prepare the request now, but send it later option from the list.

You will need to prepare the request now but will only submit the request (CSR) via our online request forms. We do not accept CSR's via email.



9. Enter a name for the Certificate and select a key bit length of the Key file.

At this point you will decide what encryption strength your Private Key and CSR will be set at.

NOTE: A key length of 2048 is required 

 
This information will be displayed on your Certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.

Do not use any of the following characters:  [ !  @  #  $  %  ^  *  (  )  ~  ?  >  <  &  /  \  ,  "  ' ]
  
10. Enter your Organization and Organizational Unit (Department)



11. Enter your Common Name



The term "common name" is X.509 "speak" for the name that distinguishes the Certificate best, and ties it to your Organization.

In the case of SSL Web Server Certificates, enter your exact host and domain name that you wish to secure.
 
Example: If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name in this field.

If you enter mydomain.com then the Certificate issued to you will only work error free on that exact domain name.

It will cause an error when you or your users access the domain name as www.mydomain.com
 
12. Enter the geographical details of your Organization.



13. The wizard will now want to create and save the CSR file. Click Browse and select a location to save the CSR file. Enter a name for the file and click Next.



14. The next page will display the summary of the Certificate you want to submit for enrollment.

15. Click Finish to complete the Web Server Certificate Wizard


16. Finish and exit IIS Certificate Wizard.
 
A CSR file has been generated.  To copy and paste the information into the enrollment form, open the file in a plain text editor such as Notepad.

 

NOTE: Upon completing the Certificate Wizard, it is important to leave the request pending for successful certificate installation. Choosing the option to delete the pending request from the Certificate Wizard will prevent installation of the certificate that is returned.