Generating a Certificate Signing Request — Microsoft IIS 8.5 (valid for IIS 8 and 7.5 and 7)

Before you can request a certificate, you need to use Microsoft®’s IIS Manager to generate a Certificate Signing Request (CSR) for your website.

To Generate a CSR
Launch the Server Manager
From Tools, select Internet Information Services (IIS) Manager.
In the Connections panel on the left, click the server name for which you want to generate the CSR.
In the middle panel, double-click Server Certificates.
In the Actions panel on the right, click Create Certificate Request
Enter the following Distinguished Name Properties, and then click Next:
NOTE: The following characters are not accepted when entering information: < > ~ ! @ # $ % ^ * / \ ( ) ? &

Common Name — The fully-qualified domain name (FQDN) — or URL — for which you plan to use your certificate (the area of your site you want customers to connect to using SSL).
An SSL certificate issued for is not valid for or If you want your SSL to cover, make sure the common name submitted in the CSR is
If you are requesting a wildcard certificate, add an asterisk (*) on the left side of the Common Name (e.g., * or *
Organization — The name in which your business is legally registered. The organization must be the legal registrant of the domain name in the certificate request.
NOTE: If you are enrolling as an individual, enter the certificate requester’s name in the Organization field, and the Doing Business As (DBA) name in the Organizational Unit field.

Organizational Unit — Use this field to differentiate between divisions within an organization (such as “Engineering” or “Human Resources”).
City/Locality — The full name of the city in which your organization is registered/located. Do not abbreviate.
State/Province — The full name of the state or province where your organization is located. Do not abbreviate.
Country — The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
For Cryptographic service provider, select Microsoft RSA SChannel Cryptographic Provider.
For Bit length, select 2048 or higher, and then click Next.
Click …, enter the location and file name for your CSR, and then click Finish.

You now have a CSR that you can use to purchase an SSL certificate.

Leave a Reply