How to Generate a CSR for Microsoft IIS 6.0
You will need to create a key pair for your server to generate a CSR. These two items are a digital certificate key pair and must not be separated. Losing your public/private key file or password will result in you havinf to generate a new one, causing your SSL Certificate to no longer match. You will have to order a new SSL Certificate and which may result in a charge.
How to Generate a Certificate Signing Request (CSR) File:
- Click Start > All Programs >
Administrative Tools > Internet Services Manager (IIS) Manager
- Double-click the Server Name > Web Sites folder
- Under Web Sites, right-click the corresponding Website you wish to secure, and select
- Click the Directory Security tab.
- Under Secure communications, click Server Certificate.
- Select the Create a new certificate tab.
Note: Select Renew the current certificate if you are renewing an SSL certificate. This will generate a CSR based on the information of the certificate currently installed on the server.
- Select Prepare the request now, but send it later
- Enter a name for the certificate. Please note that this is not the Common Name of the certificate request.
- Select the bit length of 2048 for the certificate.
Note: Do not check the box for Select cryptographic service provider (CSP) for this certificate.
- To create a private key, complete the information requested by the IIS Certificate Wizard. The private key will be stored on the server locally. The information entered will also create a Certificate Signing Request that will be used during the enrollment process. The Wizard will prompt for the following X.509 attributes of the certificate:
a. First and last name (Common Name (CN): Enter the domain name of your website. For example, www.company.com.
b. Organizational Unit (OU): This tab can help identify certificates registered to an organization but it is optional. The OU field is the name of the organization or department making the request.
c. Organization (O): This is simply the name of your company. If your company has any symbol such as & or @ in its name, be sure to spell it out or omit the symbol.
d. Locality or City (L): This tab is the city of town where your company is primary located.
e. State or Province (S): Be sure to spell out the name of the State completely. No abbreviations please.
f. Country Name (C): Use the two-letter code without punctuation for country. For example, US.
Note: SSL certificates can only be used on web servers using the Common Name specified during enrollment. For example, if a certificate has been made for the domain, "domain.com", a warning will appear if accessing a site named "www.domain.com" because it is different than the original domain name.
- To exit the IIS Certificate Wizard, click Finish. A new CSR file had been created.
- Verify your CSR