Creating a Certificate Signing Request (CSR) and Key
Follow the step-by-step instructions to generate a certificate signing request (CSR) and key:
- Select the Internet Information Services console within the Administrative Tools menu.
- Select the computer and web site (host) that you wish to secure. Right-click and select Properties.
- Select the Directory Security tab.
- Select Server Certificate under Secure Communications.
- Click Next in the Welcome to the Web Server Certificate Wizard window.
- Select Create a new certificate. Click Next.
- Select Prepare the request now, but send it later.
- At the Name and Security Settings screen, fill in the [friendly] name field for the new certificate. Select bit length. We recommend using 1024-bit length. Click Next.
- When creating a CSR you must follow these conventions.
Enter the Distinguished Name Field information.
Note: The following characters are not accepted:
< > ~ ! @ # $ % ^ * / \ ( ) ?
| Distinguished Name Field | Explanation | Example |
| --- | --- | --- |
| Common Name | The fully qualified domain name for your web server. This must be an exact match. | If you intend to secure the URL https://www.identrust.com/, then your CSR's common name must be www.identrust.com |
| Organization Name | The exact legal name of your organization. Do not abbreviate your organization name. | IdenTrust Inc. |
| Organization Unit | Section of the organization | Marketing |
| City or Locality | The city where your organization is legally located. | Salt Lake City |
| State or Province Name | The state or province where your organization is legally located. Can not be abbreviated. | Utah |
| Country Name | The two-letter ISO abbreviation for your country | US = United States |
- Enter your Administrator contact information.
- Enter a path and file name for the CSR.
- Verify your request and then click Next.
- At the Completing the Web Server screen, select Finish.
DO NOT REMOVE the pending request or the .crt file will not match and your certificate will not install.
- Send the entire certificate request to IdenTrust, including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines.
Note: Remember to back up your key pair file.
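The Distinguished Name conventions in the table above can be checked before the values are typed into the wizard. The following is an added example, not IdenTrust's code: the function name check_dn, the DNS label pattern and the abbreviation heuristic are assumptions, and the sample values are constructed from the table's example column.

```python
import re
from urllib.parse import urlsplit

# Characters the page lists as not accepted in Distinguished Name fields.
FORBIDDEN = set('<>~!@#$%^*/\\()?')
# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def check_dn(fields, url):
    """Return a list of problems with the DN fields for the site at url."""
    problems = []
    for name, value in fields.items():
        if not value.strip():
            problems.append(f"{name}: empty")
        bad = sorted(set(value) & FORBIDDEN)
        if bad:
            problems.append(f"{name}: characters not accepted: {' '.join(bad)}")

    cn = fields.get("Common Name", "")
    labels = cn.split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(part) for part in labels):
        problems.append("Common Name: not a fully qualified domain name")
    if cn.lower() != (urlsplit(url).hostname or ""):
        problems.append("Common Name: does not exactly match the host in the URL")

    # Shape check only: does not confirm the value is an assigned ISO code.
    if not re.fullmatch(r"[A-Z]{2}", fields.get("Country Name", "")):
        problems.append("Country Name: must be a two-letter code such as US")

    # Heuristic (assumption): three characters or fewer, or a trailing
    # period, suggests an abbreviated state or province.
    state = fields.get("State or Province Name", "").strip()
    if state and (len(state) <= 3 or state.endswith(".")):
        problems.append("State or Province Name: looks abbreviated")
    return problems

# Constructed samples: GOOD copies the table's example column, BAD is made up.
URL = "https://www.identrust.com/"
GOOD = {"Common Name": "www.identrust.com", "Organization Name": "IdenTrust Inc.",
        "Organization Unit": "Marketing", "City or Locality": "Salt Lake City",
        "State or Province Name": "Utah", "Country Name": "US"}
BAD = dict(GOOD, **{"Common Name": "https://www.identrust.com/",
                    "Organization Name": "IdenTrust (Marketing)",
                    "State or Province Name": "UT", "Country Name": "USA"})

if __name__ == "__main__":
    for label, dn in (("good", GOOD), ("bad", BAD)):
        print(label, check_dn(dn, URL) or "OK")
```

The Organization Name rule (exact legal name, not abbreviated) cannot be checked mechanically and still needs a manual comparison against the organization's registration documents.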
Backing up your key pair file
Creating your Snap-in Management Console
Certificate Snap-in consoles (MMC) are not preconfigured. You will need to preconfigure your Snap-in consoles in order to perform any Export/Import functionality. The system administrator will have to create the console. To preconfigure your Snap-in consoles, follow the steps below:
- Go to Start. Select Run. Type mmc and click OK. This will bring up an empty console with no management functionality.
- Click Add/Remove Snap-in on the Console menu.
- The Snap-ins added to box will list only the Console Root. Click Add.
- Click Certificates Snap-in and then click Add.
- Select Computer Account.
- Click on Finish.
- Click Close.
- Click on OK.
Managing your certificates
- Go to the Microsoft Management Console (MMC) for Snap-in Certificates.
- Select the folders Console Root\Certificates(Local Computer)\Personal\Certificates.
- Right click on the certificate to export.
- Go to the Action menu.
- Select All Tasks and Export.
- The Welcome to the Certificate Manager Import Wizard window opens. Click Next.
- Select Yes, export the private key. Click Next.
- Make sure the Personal Information Exchange - PKCS #12 (.PFX) box is selected.
Warning: Make sure that the "Delete the private key if the export is successful" box is NOT checked.
- Check the box Enable strong protection (requires IE5.0, NT4.0 SP4 or above). Select Next.
- Type and confirm your export password.
Warning: If you lose the password, you must purchase another certificate.
- Save the file to a disk or other form of media. You should choose a form of media that you will be able to recover if your system has to be rebuilt. Save this file in a secure location with a .pfx extension.
- Select Finish.