IIS (Internet Information Services) is a set of services designed to implement a web server in the Windows operating system with support for HTML sites and ASP.NET or ASP applications. Here is a complete guide on how to Generate CSR and Private keys on IIS 10.x.
Actually, the process is more or less the same as that was done on IIS 7 and IIS 8. We recommend that you write down your password and backup your key because, in case of loss, they cannot be restored, and we will not be able to help you. Any storage is recommended for saving your backup files.
Follow the below steps to create the CSR code in Microsoft Server 2016 using IIS 10 or 10.5.
- First, go to the Start Menu and search for ‘Internet Information Services (IIS) Manager.’ The Internet Information Services (IIS) Manager will be on your screen;
- Click on the server name located in the left pane under;
- Now go to the IIS section in the middle pane and double-click on Server Certificates.;
There is the "Actions" section on the right side, in which you need to click on "Create Certificate Request."
This will open the Certificate Request Form Wizard. In the Distinguished Name Properties window, enter the following information:
- The Common Name field should contain the Fully Qualified Domain Name (FQDN) - the web address for which you plan to use the IIS SSL certificate. You must be sure that the Common name that you have verified with CSR is the correct domain name / FQDN for which you are going to use the certificate. For a Wildcard SSL certificate, the Common Name must contain at least one asterisk (*) For example: * .domain.tld, * .sub.domain.tld
- Enter the Organization (company name) and the Organization Unit;
- Enter the location of the company: country, city, region;
- Click Next.
In the "Cryptographic Service Provider Properties" window, leave both settings as default (Microsoft RSA SChannel and 2048) and then click Next.
- Enter the file name and location to save your CSR file. You will need this CSR to register your IIS SSL certificate;
- Click Finish;
- Your new CSR is contained in \Desktop\cert_req.txt
To save the private key:
- Go to: Certificates in the MMC snap-in;
- Select Requests;
- Select All tasks;
- Select Export;
Please be sure that you have inserted the entire CSR into the SSL Generation form including
----- BEGIN CERTIFICATE REQUEST -----
----- END CERTIFICATE REQUEST -----