IIS - Generate CSR
This manual applies to IIS 7, 8, 8,5 and 10. A different manual is available for IIS 5 and 6, and Exchange 2000 and 2003.
A Certificate Signing Request (CSR) is required when applying for an SSL certificate. This CSR (and private key) can be generated on your webserver. To request a wildcard certificate, fill in an * (asterisk) for the subdomain, for example *.sslcertificaten.nl (instead of www.sslcertificates.nl).
- Open the IIS Manager via Start → Administrative Tools → IIS Manager.
- Choose the server name and then click Features (middle field)
- Double-click Server Certificates under Security.
- Open the Properties page of the site which must be secured.
- Right-click Create Certificate Request under Actions panel to create a CSR.
- Click the Server Certificate button to start the wizard.
- In the first screen of the wizard you will be asked to fill in data concerning your organization. Please do so and click Next to go further.
- In the next screen of the wizard, the cryptography-settings are set. You can leave this at the standard setting (Microsoft RSA Channel Cryptography Provider). A Bit Length of 1024 bits is the default option; change this to 2048 bits as this is currently the minimum requirement. Please click Next to go to the next screen.
- Enter a file name and path to the location where the CSR must be stored (for instance c:\documents and settings\administrator\desktop\sslcertificaten.nl.csr). This information will be needed again when requesting the CSR later. Without specifying a location, your CSR will be saved to C:\Windows\System32. Click Finish. The CSR has now been saved.
To order a certificate, copy the entire contents of the generated CSR, including the first and last line and all dashes.