SSL Certificates

Generating a CSR for Microsoft Internet Information Server (IIS) 5

Follow these instructions to generate a CSR for your Web site.

Note: If you are renewing your certificate or your site is currently running a web server certificate please refer to renewal section of this document.

You must have at least Service Pack 1 installed

1. Select the Internet Information Services console within the Administrative Tools menu.
   
   
2. Select the computer and web site (host) that you wish to secure.
   Right mouse-click to select Properties.
   
   
3. Select the Directory Security tab.
   
   
4. Select Server Certificateunder Secure Communications
   
   
5. Click Next in the Welcome to the Web Server Certificate Wizard window.
   
   
6. Select Create a new certificate, Click Next.
   
   
7. Select Prepare the request now, but send it later.
   
   
8. At the Name and Security Settings screen, fill in the [friendly] name field for the new certificate. Select bit length. We recommend using 1024-bit length. Click Next.
   
   
9. When creating a CSR you must follow these conventions.
   Enter your Distinguished Name Field information.
   The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?&.
   This includes commas.

10. Enter your Administrator contact information.
    
    
11. Enter a path and file name for the CSR.

12. Verify your request and then click Next.
    
    
13. At the Completing the Web Server screen, select Finish.
    
    DO NOT REMOVE the pending request or the .crt file will not match and your certificate will not install.
    
    
14. Select Finish.
    
    
15. Submit your CSR us by pasting the CSR. You will be asked to complete the agreement and the enrollment form as well.

Renewals or Sites currently running ssl

The renewal request option within IIS 5.0 does not create a request in a PKCS10 format. This may be corrected with a future Service Pack. IIS 5.0 does not allow your site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following. Please read and print these instructions before submitting your new certificate request.

1. Leave your existing site that currently has the certificate installed alone.
   
   
2. Create another virtual site within IIS (this does not have to be a functional site).
   
   
3. Enter Properties for the newly created virtual site, then go to the Certificate Wizard to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace.
   
   
4. Visit our website and select your preferred certificate product type. Then click the relevant Buy Now button to begin the enrollment process.
   
   
5. Wait for the new certificate file to be emailed to you.
   
   
6. Install this certificate into your new virtual site; follow the process the pending request by selecting the certificate file we sent you. Complete the installation of your new certificate into your virtual web site.
   
   
7. Now delete the new virtual site!
8. Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.
   
   
9. Make sure you bind the web site to a unique IP address at Port 443, then Stop and then Start your web site. Your new certificate should be installed.
10. When convenient, go into your MMC console (with Certificate snap-in added) and delete the old certificate.

See Also

• Q104197: SSL Certificates: Generating a CSR