How to Generate a CSR for Microsoft IIS 7.0

You will need to create a key pair for your server to generate a CSR. These two items are a digital certificate key pair and must not be separated. Losing your public/private key file or password will result in you havinf to generate a new one, causing your SSL Certificate to no longer match. You will have to order a new SSL Certificate and which may result in a charge.

  1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager

  2. Choose your Server Name in the IIS Manager

  3. Double-click the Server Certificates option (Figure A) located under the Security heading in the Features pane (the middle pane).

  4. Choose Create Certificate Request option as shown below in Figure B to begin the process of requesting a new certificate.

  5. The first screen of the wizard will ask for the details regarding the new site

    Please note that all fields needs to be filled in with accurate information. While filling out the form, please consider:

    a. Common Name (CN): Enter the domain name of your website. For example,

    b. Organizational Unit (OU): This tab can help identify certificates registered to an organization but it is optional. The OU field is the name of the organization or department making the request.

    c. Organization (O): This is simply the name of your company. If your company has any symbol such as & or @, be sure to spell it out or omit the symbol.

    d. Locality or City (L): This tab is the city of town where your company is primary located.

    e. State or Province (S): Be sure to spell out the name of the State completely. No abbreviations please.

    f. Country Name (C): Use the two-letter code without punctuation for country. For example, US.

    NOTE: SSL certificates can only be used on web servers using the Common Name specified during enrollment. For example, if a certificate has been made for the domain, "", a warning will appear if accessing a site named "" because it is different than the original domain name.

  6. To continue, click Next.

  7. The Wizard in the next screen will ask you to choose cryptography options. Microsoft RSA SChannel (the default) Cryptography Provider is fine. Select a key-bit length of 2048.

  8. To continue, click Next.

  9. To save the certificate request, provide a filename. Remember where you stored this file because you will need the contents in the next step. If you want to change the location of where you would like to save the CSR, select the box with the 3 periods next to the file name.

  10. Verify your CSR

  11. You will be asked to submit the file during the certificate enrollment. Open the file you created from the above steps and copy the contents. Then paste the contents into the window when requested in enrollment.