Generate a CSR in IIS

This article will discuss how to generate a CSR in IIS in order to issue an SSL certificate. Please choose the version of IIS below that is appropriate for your server.

IIS 6

    • Log into your server through Remote Desktop Connection (instructions for connecting to your server through RDC can be found here).
    • Open Internet Information Services (IIS) Manager.
    • Navigate to the folder for Web Sites in IIS and find the domain for which the CSR is going to be generated.
    • Right-click the domain and choose Properties.
    • Click the tab Directory Security.
    • Click the Server Certificate… button under Secure Communications.
    • On the following screen, click Next.
    • Select the radio button for Create a New Certificate. Click Next.
    • Select the radio button for Prepare the request but send it later. Click Next.
    • Enter in the name for the CSR. Leave the bit length at 1024 unless the SSL provider requires a higher bit length. Click Next.
    • Enter in the organization name (typically a company name) and an Organization Unit (Security or Sales is typical). Click Next.
    • Enter in the common name for the SSL. For example, if you’re ordering an SSL for domain.com, then the name would be domain.com. If you’re ordering an SSL for www.domain.com, then the name would bewww.domain.com. Click Next.
    • Enter in the country, state, and city. You must spell out the state. For example if the organization is based in Delaware, you must type ‘Delaware’. Click Next.
    • Enter a file name to save the file. Click Next.
    • Review the information entered and if everything is as expected click Next. Then click Finish.
    • Navigate to the location of the file saved above and open the file. This is the CSR to pass onto the SSL provider.

The private key is now stored in IIS for the site. When the certificate is issued, you can install the certificate within IIS and the private key will match.

IIS 7

    • Log into your server through Remote Desktop Connection (instructions for connecting to your server through RDC can be found here).
    • Open Internet Information Services (IIS) Manager.
    • Navigate to the hostname for the server within IIS and double click Server Certificates.
    • On the right side of the screen, click Create Certificate Request…
    • Fill in the information. For the common name, enter the domain for which the SSL will be issued. For example, if you’re ordering an SSL for domain.com, then the name would be domain.com. If you’re ordering an SSL for www.domain.com, then the name would be www.domain.com. The organization should be your company name. The organizational unit is typically Security or Sales. Enter in the city, state and country. Make sure that the state is spelled out rather than abbreviated. Click Next.

 

    • Change the bit length if the SSL provider requires a higher bit length. Otherwise, the default 1024 bit length is sufficient. Click Next.
    • Enter in a filename to save the CSR. Click Finish.
    • Navigate to the location of the file saved above and open the file. This is the CSR to pass onto the SSL provider.

The private key is now stored in IIS for the site. When the certificate is issued, you can install the certificate within IIS and the private key will match.