How to create an SSL Certificate Request in IIS 7.5 (Windows 2008 R2)

Issue: You need to obtain a third party SSL certificate
Solution: The steps below show you how to create a cert request in Windows 2008 R2 which you will submit to your third party certificate authority (GoDaddy, Comodo, GeoTrust, etc).  Note, you’ll need to buy a ‘certificate credit’ from the third party Certificate Authority (CA) of your choice and then you can run through the below steps to generate a CSR, submit it to your CA, and download your completed SSL Certificate.

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. In the Connections panel on the left, click the server name in which you want to generate the Cert Request (CSR).
  3. In the middle panel, double-click Server Certificates.
  4. In the Actions panel on the right, click Create Certificate Request…
  5. Enter the following Distinguished Name details:

Common Name — The fully-qualified domain name (FQDN), or hostname that will have an SSL certificate applied to it.  This should be the hostname that you expect your customers/end-users will put into their browser or application.

Single Name Certificates: A single-name certified issued to mail.enterpriseit.co will not work for www.enterpriseit.co or enterpriseit.co.  Also if you want a certificate that covers multiple subdomains (UCC) or unlimited subdomains (Wildcard), checkout my cheap SSL certificate guide where those options are explained.

Wildcard Certificates: If you are requesting a wildcard certificate, add an asterisk (*) on the left side of the Common Name, for example *.enterpriseit.co.
Organization — The legal name of the business. The organization must be the legal registrant of the domain name in the certificate request.  If you are obtaining a certificate as an individual, enter the certificate requester’s name in the Organization field.

Organizational Unit — I typically put “IT” in this field
City/Locality — The full name of the city in which your organization is registered/located. Do not abbreviate.
State/Province — The full name of state or province where your organization is located. Do not abbreviate.
Country — The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
Cryptographic service provider — select Microsoft RSA SChannel Cryptographic Provider .
Bit length — select 2048 or higher, and then click Next.

6. Enter the location and file name for the CSR file that will be generated, and then click Finish.
7. Find the CSR file you saved on your computer in Step 6 and open it with Notepad.
8. When you’re ready, you will copy and paste the contents of the CSR file in order to submit the Certificate Request to your chosen third party certificate authority (the entity that you purchased your certificate from).

Related

Leave a Reply

Your email address will not be published. Required fields are marked *