Skip to main content

This how-to will step you through generating a certificate signing request (CSR) in IIS. These procedures were tested in Windows 10 on IIS 10, but will also work in IIS 7.x and 8.x.

Warning: If you lose the password you set during this process, you must purchase another certificate.

Start IIS Manager.

1. Start IIS Manager. One quick way to do this is by opening the Run command, then typing inetmgr and clicking the OK button.

Image

 

2. Select server. Select the server in the Connections pane, on the left side of the window.

 

Image

 

3. Open Server Certificates. Double-click the Server Certificates icon, located under IIS in the center pane of the window.

 

Image

 

4. Click “Create Certificate Request.”
Click the Create Certificate Request… link, in the Actions pane on the right side of the window.

 

Image

 

5. Enter Distinguished Name Properties.

The Request Certificate wizard will open. Fill out the Distinguished Name Properties form with the following information:

Distinguished Name Field Explanation Example
Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.identrust.com/, then your CSR's common name must be www.identrust.com
Organization The exact legal name of your organization. Do not abbreviate your organization name. IdenTrust Inc.
Organizational Unit Section of the organization Marketing
City or Locality The city where your organization is legally located. Salt Lake City
State or Province The state or province where your organization is legally located. Do not abbreviate the state or province name. Utah
Country/region The two-letter ISO abbreviation for your country US = United States

 

When you are finished filling out the form, click the Next button

Image

 

6. Set Cryptographic Service Provider Properties.
Next, set the Cryptographic Service Provider Properties. Use the drop-down menus to select Microsoft RSA SChannel Cryptographic Provider as the cryptographic service provider, and a bit length of 2048 (unless you have a reason to set these to other values). When you are finished, click the Next button.

 

Image

 

7. Create file name and finish.
Create a file name for your CSR, then click the Finish button.

 

Image

 

8. Send the entire certificate request to IdenTrust, including ----BEGIN CERTIFICATE REQUEST---- and ----END CERTIFICATE REQUEST---- Note: Remember to back-up your key pair file.

Windows servers use .pfx files that contain both the public key file (SSL certificate file) and the associated private key file. When you generate the CSR, you create a key pair (public/private). You send the public key to IdenTrust (a Certificate Authority), so we can create and issue your SSL certificate. The private key stays on the server you used to generate the CSR.

Warning: If you lose the password you set during this process, you must purchase another certificate.