Generate CSR: IIS 7 Microsoft Windows Server 2008

Instructions to generate a certificate request (CSR) in IIS 7 Windows Server 2008

  1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs >Administrative Tools > Internet Information Services Manager.
  2. In the IIS Manager, select the server node on the top left under Connections
  3. In the Features pane (the middle pane), double-click the Server Certificates option located under the IIS or Security heading (depending on your current group-by view).
  4. From the Actions pane on the top right, select Create Certificate Request. The Distinguished Name Properties dialog box opens.
  5. You will be asked for several pieces of info which will be used by GeoTrust to create your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization, country, key bit length, etc. Use the CSR Legend in the right-hand column of this page to guide you when asked for this information. The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
  6. THIS IS THE MOST IMPORTANT STEP! Enter your site’s Common Name. The Common Name is the fully-qualified-domain name for your web site or mail server. What ever your end-user will see in their browser’s address bar is what you should put in here. Do not include http:// nor https://. Refer to the CSR legend in the right-hand column of this page for examples. If this is wrong, your certificate will not work properly.
  7. Enter your Organization (e.g., Gotham Books Inc) and Organizational Unit (e.g., Internet Sales). Click Next.
  8. Enter the rest of the fields using the CSR Legend on the right right-hand column of this page for guidance and examples.
  9. Click Next to continue.
  10. The next screen of the wizard asks you to choose cryptography options. The default Microsoft RSA SChannel Cryptography Provider is fine and a key bit-length of 2048.
  11. Click Next to continue.
  12. Finally, specify a file name for the certificate request. It doesn’t matter what you call it or where you save it as long as you know where to find it. You’ll need it in the next step. We recommend calling it certreq.txt.
  13. Click Finish to complete the certificate request (CSR) Wizard.
  14. Now, from a simple text editor such as Notepad (do not use Word), open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file, including the top and bottom lines, into the relevant box during the online order process.



Reference by

How to Generate a CSR for Microsoft IIS 6.0

NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.

To generate a CSR for Microsoft IIS 6.0, perform the following steps:

An Important Message Before You Start:

By far the most common problem users have when going through this process is related to Private Keys.

If you lose or cannot access a Private Key, you cannot use the Certificate we issue to you.

To ensure this never happens, we advise that a backup of the Private Key file is made and that a note is made of the password that is used to protect the export of the Private Key.

To generate a CSR in Microsoft IIS 6.0 follow the instructions below:

Start the Key/CSR Generation Process:

1. Open the Internet Services Manager Start > Programs > Administrative Tools

2. Right-click on the Web site you would like to create the Key/CSR pair for.

3. Select Properties.

4. Click the Directory Security tab.

5. Under the Secure Communications section, click Server Certificate

6. This will start the Web Site Certificate Wizard. Click Next.

7. From the Web Site Certificate Wizard, select the Create a new Certificate option.

8. Select Prepare the request now, but send it later option from the list.

You will need to prepare the request now but will only submit the request (CSR) via our online request forms. We do not accept CSR’s via email.

9. Enter a name for the Certificate and select a key bit length of the Key file.

At this point you will decide what encryption strength your Private Key and CSR will be set at.

A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.

This information will be displayed on your Certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.

Do not use any of the following characters: [ ! @ # $ % ^ * ( ) ~ ? > < & / , ” ‘ ]

10. Enter your Organization and Organizational Unit (Department)

11. Enter your Common Name

The term “common name” is X.509 “speak” for the name that distinguishes the Certificate best, and ties it to your Organization.

In the case of SSL Web Server Certificates, enter your exact host and domain name that you wish to secure.

Example: If you wish to secure, then you will need to enter the exact host (www) and domain name in this field.

If you enter then the Certificate issued to you will only work error free on that exact domain name.

It will cause an error when you or your users access the domain name as

12. Enter the geographical details of your Organization.

13. The wizard will now want to create and save the CSR file. Click Browse and select a location to save the CSR file. Enter a name for the file and click Next.

14. The next page will display the summary of the Certificate you want to submit for enrollment.

15. Click Finish to complete the Web Server Certificate Wizard

16. Finish and exit IIS Certificate Wizard.

A CSR file has been generated. To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended)

NOTE: Upon completing the Certificate Wizard, it is important to leave the request pending for successful certificate installation. Choosing the option to delete the pending request from the Certificate Wizard will prevent installation of the certificate that is returned.

It is strongly recommended to Backup your private key.

Courtesy :