Here is a complete guide on how to Generate CSR and Private keys on your Windows IIS 7 or IIS 8 servers. We recommend that you write down your password and backup your key because, in case of loss, they cannot be restored, and we will not be able to help you. Any storage is recommended for saving your backup files.
- Click Start;
- Select Administrative Tools;
- Launch Internet Services Manager;
- Click Server Name;
- In the central menu, double-click the "Server Certificates" button in the "Security" section.
There is the "Actions" section on the right side, in which you need to click on "Create Certificate Request."
This will open the Certificate Request Form Wizard. In the Distinguished Name Properties window, enter the following information:
- The Common Name field should contain the Fully Qualified Domain Name (FQDN) - the web address for which you plan to use the IIS SSL certificate. You must be sure that the Common name that you have verified with CSR is the correct domain name / FQDN for which you are going to use the certificate. For a Wildcard SSL certificate, the Common Name must contain at least one asterisk (*) For example: * .domain.tld, * .sub.domain.tld
- Enter the Organization (company name) and the Organization Unit;
- Enter the location of the company: country, city, region;
- Click Next.
In the "Cryptographic Service Provider Properties" window, leave both settings as default (Microsoft RSA SChannel and 2048) and then click Next.
- Enter the file name and location to save your CSR file. You will need this CSR to register your IIS SSL certificate;
- Click Finish;
- Your new CSR is contained in \Desktop\cert_req.txt
To save the private key:
- Go to: Certificates in the MMC snap-in;
- Select Requests;
- Select All tasks;
Please be sure that you have inserted the entire CSR into the SSL Generation form including
----- BEGIN CERTIFICATE REQUEST -----
----- END CERTIFICATE REQUEST -----