Published on Digi-Sign, The Certificate Corporation (https://www.digi-sign.com)

Home > Microsoft IIS 7 Server 2008

By Digi-Sign
Created Nov 28 2009 - 13:28

Microsoft IIS 7 Server 2008

Important Note:

Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more > [1]

Instructions

Follow these instructions to generate a certificate request (CSR).

  • Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager

  • In the IIS Manager, select the server node on the top left under Connections

  • In the Features pane (the middle pane), double-click the Server Certificates option located under the IIS or Security heading (depending on your current group-by view)

  • From the Actions pane on the top right, select Create Certificate Request. The Distinguished Name Properties dialog box opens

  • You will be asked for several pieces of info which will be used by Digi-Sign to create your new
    SSL certificate. These fields include the Common Name (aka domain, FQDN), organization, country, key bit length, etc. Use the CSR Legend in the right-hand column of this page to guide you when asked for this information. The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &

  • THIS IS THE MOST IMPORTANT STEP! Enter your site's Common Name. The Common Name is the fully-qualified-domain name for your web site or mail server. What ever your enduser will see in their browser's address bar is what you should put in here. Do not include http:// nor https://. Refer to the CSR legend in the right-hand column of this page for examples. If this is wrong, your certificate will not work properly

  • Enter your Organization (e.g., Gotham Books Inc) and Organizational Unit (e.g., Internet Sales). Click Next

  • Enter the rest of the fields using the CSR Legend on the right right-hand column of this page for guidance and examples. Click Next to continue

  • The next screen of the wizard asks you to choose cryptography options. The default Microsoft RSA SChannel Cryptography Provider is fine and a key bit-length of at least 2048 bits. Click Next to continue

  • Finally, specify a file name for the certificate request. It doesn't matter what you call it or where you save it as long as you know where to find it. You'll need it in the next step. We recommend calling it certreq.txt

  • Click Finish to complete the certificate request (CSR) Wizard

  • Now, from a simple text editor such as Notepad (do not use Word), open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy and paste the contents of this file, including the top and bottom lines, into the relevant box during the online order process


Source URL: https://www.digi-sign.com/support/digi-ssl/Microsoft%20iis%207

Links:
[1] https://www.digi-sign.com/about/announcements/2048