Certificate Services Support Knowledge Base

echinoidqueenServers

Dec 4, 2013 (3 years and 8 months ago)

113 views

Microsoft Internet Information Services
(IIS)

7



C
SR Generation Guidelines



1



Certificate Services Support Knowledge Base

How do I generate a CSR on Microsoft Internet Information Services (IIS) 7?

If you require an SSL certificate to secure a domain hosted in a Micros
oft Windows Server 2008 server, you must first generate a
Certificate Signing Request (CSR).



Before generating a certificate signing request for a domain in IIS 7, ensure that you have an

IIS 7 role added to your server.


To verify that IIS 7 is installe
d on the server, open your Web browser and go to

http://localhost/
.

If ISS 7 is installed, you will see the following page:




Do not use commas in any of the fields when creating your Certificate Signing Request (CSR). Commas are interpreted as the en
d of the
field and will cause an invalid CSR to be generated.

Do not use any of the following characters in the Web server Distinguished Name: ! @ # $ % ^ * ( ) ~ ? > < & /
\








Microsoft Internet Information Services
(IIS)

7



C
SR Generation Guidelines



2


To generate a new CSR
:

1.

Launch the Internet Information Services (IIS) Manager:



Start

>

Programs

>

Administrative

Tools

>

Internet

Informa
tion

Services

(IIS)

Manage
r

2.

In the Connections pane on the left, select the correct server name.



3.

Open the Server Certificates features by double
-
clicking the

Server

Certificates

icon located in the middle menu of the IIS
Manager window
.

4.

In the

Actions pane on the right, click

Create

Certificate

Request

to open the

Request

Certificate

wizard.



Note
: if you already have a certificate that is near expiration date and you need to renew it, select

Create

Certificate

Request.

Do not use th
e
Renew

option on the certificate from the Server Certificates action menu. The renewal function can
sometimes create an incompatible CSR.





Microsoft Internet Information Services
(IIS)

7



C
SR Generation Guidelines



3


5.

Enter the Distinguished Name information in the

Distinguished

Name

Properties

window in the wizard:

Attribut
e

Prefi
x

Descriptio
n

Exampl
e

Common nam
e

c
n

Domain to be secured by certificat
e

iis7cert.
e
ntrust.com

Organizatio
n

o

Organization’s legal business nam
e

E
ntrust Inc

Organizational Uni
t

o
u

Department in the organizatio
n

Certificate Dep
.

City/Localit
y

l

Business location
-

cit
y

O
ttawa

State/Provinc
e

s
t

Business location


state/provinc
e

O
ntario

Country/Regio
n

c

Business location
-

countr
y

Z
A





6.

Click

Next
.















Microsoft Internet Information Services
(IIS)

7



C
SR Generation Guidelines



4


7.

Select

Microsoft

RSA

Channel

Cryptographic

Provider

as the

Cryptographic

service

provider
. For

Bit

Length
, select

2048
.


Click

Next
.




8.

In the following window, specify the location and file name for your CSR. Take note of where the CSR is being stored, as you
will
need to access this file when you request a certifica
te. The file should contain a CSR similar to this
:

-----
BEGIN NEW CERTIFICATE REQUEST
----
-

MIIEhDCCA2wCAQAwgYAxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8
w

DQYDVQQHDAZPdHRhd2ExFTATBgNVBAoMDEVudHJ1c3QgSW5jLjEZMBcGA1UECww
Q

Q2VydGlmaWNhdGUgRGVwLjEcMBoGA1UEAwwTaWlzN2NlcnQuZW50cnVzdC5jYTC
C

OOqRZhp/bkDjEWW+OO1Z7hAnB1gcN4t1Q7TO3gZwyO9Yarv7gkPXCsCIMwJkhmz
B

X4n6sJ5KGAUQj+Qx6VDeyTzG6w8hTvXH0ILxVb7LYg12vcrt2O3wKdBwRdcPNtL
O

8nK2lCzuiMwL+cM8XJroaYCtr8A8mDHLCTQHy1y5PReZ2wYIChPWVwz
zrhWo7XZ
5

Vmcczl6amkU
=

-----
E
ND NEW CERTIFICATE REQUEST
-----

9.

Open the generated file containing the newly created Certificate Signing Request (CSR) and copy its content into the specifie
d
field when you are requesting a certificate from
L
AWtrust
.


Note
:

C
opy the full CSR including th
e

-----
BEGIN NEW CERTIFICATE REQUEST
----
-

-----
E
ND NEW CERTIFICATE REQUEST
-----

W
e
are here to help, please contact us should you have any questions or querie
s:





CONTACT>>>

T/ +27 12 676 9240

E/ ssl@lawtrust.co.za

W/ www.lawtrust.co.za