To generate a CSR, you first need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match your private key.
The CSR needs to contain the following attributes:
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corportation or XY and Z Corportation.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
Note: VeriSign certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".
VeriSign recommends that you contact Sybase for additional information.
Generate a Private Key Pair
Retail customers Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
MPKI for SSL customers Note: The recommended key bit size is 2048-bit. All certificates that will expire after December, 2013 must have a 2048 bit key size.
- Under Administrative Tools, open Internet Services Manager.
- Open the Properties window by right-clicking on the name of the Web site you wish to secure.
- Click the Directory Security tab.
- Click Server Certificate in the Secure communications section. If you have not used this option before the Edit button will not be active.
- Select Create a new certificate
- Select Prepare the request now, but send it later. VeriSign only accepts CSRs through the enrollment process forms. We do not accept CSRs over email.
- Complete the information requested by the IIS Certificate Wizard to create a private key that is stored locally on your server and a public key (the Certificate Signing Request) that you will use during the enrollment process. You have successfully generated a CSR file. See Terms Defined if you have questions about any of the information requested.
- Click Finish to exit the IIS Certificate Wizard. A CSR file has been generated.
- Verify your CSR
- Go to the enrollment form and paste the information into the form when prompted for the CSR.