Generate a CSR for Microsoft Internet Information Server 5
Note: If you are renewing your certificate or your site is currently running a web server certificate please refer to renewal section of this document.
Follow these instructions to generate a CSR for your web site.
- Select the Internet Information Services console within the Administrative Tools menu.
- Select the computer and web site (host) that you wish to secure. Right mouse-click to select Properties.
- Select the Directory Security tab.
- Select Server Certificate under Secure Communications
- Click Next in the Welcome to the Web Server Certificate Wizard window.
- Select Create a new certificate, Click Next.
- Select Prepare the request now, but send it later.
- At the Name and Security Settings screen, fill in the [friendly] name field for the new certificate. Select bit length. We recommend using 2048-bit length. Click Next.
- Enter your Distinguished Name Field information. More information on the fields is available here.
- Enter your Administrator contact information.
- Enter a path and file name for the CSR.
- Verify your request and then click Next.
- At the Completing the Web Server screen, select Finish.
DO NOT REMOVE the pending request or the .crt file will not match and your certificate will not install.
- Select Finish.
- Copy the CSR and use it to buy your certificate online.
The renewal request option within IIS 5.0 does not create a request in a PKCS10 format. This may be corrected with a future Service Pack. IIS 5.0 does not allow a site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following. Please read and print these instructions before submitting your new certificate request.
- Leave your existing site that currently has the certificate installed alone.
- Create another virtual site within IIS (this does not have to be a functional site).
- Generate your CSR following the instructions above.
- Wait for the new certificate file to be emailed to you from.
- Install this certificate into your new virtual site; follow the process the pending request by selecting the certificate file sent to you.
- Complete the installation of your new certificate into your virtual web site.
- Now delete the new virtual site.
- Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.
- Make sure you bind the web site to a unique IP address at Port 443, then Stop and then Start your web site. Your new certificate should be installed.
- When convenient, go into your MMC console (with Certificate snap-in added) and delete the old certificate.
|