Account | Help |
Contact | Services | Whois | DIG |

Generate a CSR for Microsoft Internet Information Server 5

Note: If you are renewing your certificate or your site is currently running a web server certificate please refer to renewal section of this document.

Follow these instructions to generate a CSR for your web site.

  1. Select the Internet Information Services console within the Administrative Tools menu.
  2. Select the computer and web site (host) that you wish to secure. Right mouse-click to select Properties.
  3. Select the Directory Security tab.
  4. Select Server Certificate under Secure Communications
  5. Click Next in the Welcome to the Web Server Certificate Wizard window.
  6. Select Create a new certificate, Click Next.
  7. Select Prepare the request now, but send it later.
  8. At the Name and Security Settings screen, fill in the [friendly] name field for the new certificate. Select bit length. We recommend using 2048-bit length. Click Next.
  9. Enter your Distinguished Name Field information. More information on the fields is available here.
  10. Enter your Administrator contact information.
  11. Enter a path and file name for the CSR.
  12. Verify your request and then click Next.
  13. At the Completing the Web Server screen, select Finish.
    DO NOT REMOVE the pending request or the .crt file will not match and your certificate will not install.
  14. Select Finish.
  15. Copy the CSR and use it to buy your certificate online.

Renewals or Sites currently running ssl

The renewal request option within IIS 5.0 does not create a request in a PKCS10 format. This may be corrected with a future Service Pack. IIS 5.0 does not allow a site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following. Please read and print these instructions before submitting your new certificate request.

  1. Leave your existing site that currently has the certificate installed alone.
  2. Create another virtual site within IIS (this does not have to be a functional site).
  3. Generate your CSR following the instructions above.
  4. Wait for the new certificate file to be emailed to you from.
  5. Install this certificate into your new virtual site; follow the process the pending request by selecting the certificate file sent to you.
  6. Complete the installation of your new certificate into your virtual web site.
  7. Now delete the new virtual site.
  8. Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.
  9. Make sure you bind the web site to a unique IP address at Port 443, then Stop and then Start your web site. Your new certificate should be installed.
  10. When convenient, go into your MMC console (with Certificate snap-in added) and delete the old certificate.

Check your certificate signing request online.
Back to help on the certification process.
Buy your certificate online.

© SpaceReg 1998-2023