Creating a Certificate Signing Request (CSR) and Key
Follow the step-by-step instructions to generate a certificate signing request (CSR) and key:
You must have Service Pack 4 or higher, or MS Internet Explorer 5 or higher.
- Open the Key Manager. Go to the Key menu and select Create New Key.
- Select Put the request in a file that you will send to an authority. Enter a file and path in the text box that you will remember. Example: C:\NewKeyRq.txt. Click Next.
- Enter your key name as specified in the previous step. Enter and confirm a password.
Warning: If you lose the password, you must purchase another certificate.
- When creating a CSR you must follow these conventions.
Enter the Distinguished Name Field information.
Note: The following characters cannot be accepted:
< > ~ ! @ # $ % ^ * / \ ( ) ?
| Distinguished Name Field | Explanation | Example |
|---|---|---|
| Common Name | The fully qualified domain name for your web server. This must be an exact match. | If you intend to secure the URL https://www.identrust.com/, then your CSR's common name must be www.identrust.com |
| Organization Name | The exact legal name of your organization. Do not abbreviate your organization name. | IdenTrust Inc. |
| Organization Unit | Section of the organization | Marketing |
| City or Locality | The city where your organization is legally located. | Salt Lake City |
| State or Province Name | The state or province where your organization is legally located. Cannot be abbreviated. | Utah |
| Country Name | The two-letter ISO abbreviation for your country | US = United States |
| Administrator Name | Contact name | John Smith |
| E-mail Address | Contact e-mail address | abc@trustdst.com |
| Phone Number | Contact phone number | ###-###-#### |
- After you close out of the key manager, click on Yes to Commit all Changes.
Warning: If you do not click yes, your private key will not be saved and your certificate from IdenTrust will not install.
- Send the entire certificate request to IdenTrust, including ----BEGIN CERTIFICATE REQUEST---- and ----END CERTIFICATE REQUEST----
Note: Remember to back up your key pair file.
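The Distinguished Name conventions in the table above can be checked before the values are typed into the Key Manager. The following is an added example, not part of the original instructions or any IdenTrust tool; the function name `check_dn`, the field keys, and the two-letter heuristic for spotting an abbreviated state are assumptions of this example.

```python
# Added example: pre-flight check of Distinguished Name values against the
# conventions in the table above. Function and field names are hypothetical.
from urllib.parse import urlsplit

# Characters the page lists as not accepted in Distinguished Name fields.
FORBIDDEN = set('<>~!@#$%^*/\\()?')

# Fields the character rule is applied to here (assumption: the contact
# e-mail address is exempt, since a valid address must contain "@").
CHECKED_FIELDS = ("common_name", "organization", "organization_unit",
                  "locality", "state", "country")


def check_dn(fields, url):
    """Return a list of problems; an empty list means the values pass."""
    problems = []
    for name in CHECKED_FIELDS:
        value = fields.get(name, "").strip()
        if not value:
            problems.append(f"{name}: missing")
            continue
        bad = sorted(set(value) & FORBIDDEN)
        if bad:
            problems.append(f"{name}: forbidden character(s) {' '.join(bad)}")
    # Common Name must exactly match the host name of the URL being secured.
    host = urlsplit(url).hostname or ""
    cn = fields.get("common_name", "").strip()
    if cn.lower() != host.lower():
        problems.append(f"common_name: {cn!r} does not match host {host!r}")
    # Country Name is the two-letter ISO abbreviation.
    country = fields.get("country", "").strip()
    if not (len(country) == 2 and country.isascii() and country.isalpha()):
        problems.append("country: must be a two-letter ISO code such as US")
    # State or province cannot be abbreviated; a value of two characters or
    # fewer is treated as an abbreviation (heuristic, an assumption here).
    state = fields.get("state", "").strip()
    if state and len(state) <= 2:
        problems.append("state: looks abbreviated, spell it out")
    return problems


if __name__ == "__main__":
    # Constructed sample input with three deliberate mistakes.
    sample = {"common_name": "https://www.identrust.com/",
              "organization": "IdenTrust Inc.", "organization_unit": "Marketing",
              "locality": "Salt Lake City", "state": "UT", "country": "USA"}
    for problem in check_dn(sample, "https://www.identrust.com/"):
        print(problem)
```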
Backing up your key pair file
The process of backing up a key pair file and using it requires both an export and an import. Unlike other files, a key pair file can't just be copied. To do the backup, you must do an "export". To restore your system, you must do an "import".
This process assumes identical web server configurations are used for exporting the key as well as for importing the key. So both servers must be IIS. You can't go from one type of server to another.
Exporting your key
- Open your Microsoft Management Console via the IIS Internet Service Manager.
- Click to open the Key Manager.
- Select the key to be exported.
- Select the Key menu and choose Export Key Backup File. Click OK in the Key Manager Warning box.
- Specify the destination for saving your key and press OK.
- Close your Key Manager and Management Console windows.
Importing your key
- Open the Microsoft Management Console (via the IIS Internet Service Manager).
- Click to open the Key Manager.
- Select the destination WWW server.
- Select the Key menu and choose Import Key Backup File.
- Point to the location where you stored your key.
- Confirm your password.
- When the Server Connection dialogue box appears, select IP Address and type your IP address and port (e.g., 443) associated with this key.
- Select Commit Changes Now under the Computer menu and click on Commit all changes now.
- Close your Key Manager and Management Console windows.