Generate a Certificate Signing Request (CSR)

Microsoft
Internet Information Server (IIS) 4.0

Follow these instructions to generate a CSR for your Web site. When you
have completed this process, click the “close” button below to close this
window and continue to the next step.

You
must have Service Pack 4 or higher, or MS Internet Explorer 5 and higher

  1. Open
    the Key Manager. Go to the Key menu and select
    Create
    New Key
    .

  2. Select Put the request in a file that you will
    send to an authority
    . Enter a file and
    path in the text box that you will remember.
    Example: C:\NewKeyRq.txt.
    Click
    Next.

  3. Enter
    your key name as specified in the previous step. Enter and confirm
    a password.

Warning: If
you lose the password, you must purchase another certificate.

Certificate
Replacement Policy

  1. When
    creating a CSR you must follow these conventions.
    Enter the Distinguished Name Field information.
    The
    followin
    g
    characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( )
    ?&.

Distinguished
Name Field
Explanation

Common
Name

The
fully qualified domain name for your web server. This must be an exact
match.

example: If you intend to secure the URL https://www.geotrust.com, then
your CSR’s common name must be www.geotrust.com.

Organization

The
exact legal name of your organization. Do not abbreviate your organization
name.

example: GeoTrust
Inc.

Organization
Unit

Section
of the organization

example: Marketing

City
or Locality

The
city where your organization is legally located.

example: Atlanta

State/Province

The
state or province where your organization is legally located. Can
not be abbreviated.

example: Georgia

Country

The
two-letter ISO abbreviation for your country.

example: US = United States

Administrator
Name

Contact
Name

example: John Smith

Email
Address

Contact
Email

example: john.smith@geotrust.com

Phone
Number

Contact
Phone

example: 555-555-1212  

  1. After you close out of the key
    manager, click on
    Yes to Commit all Changes.

    Warning: If you do not click yes, your private key will not be saved and your
    certificate from GeoTrust will not install.

  2. Submit your CSR
    to GeoTrust by clicking on Continue, you will be asked to complete
    the agreement and the enrollment form as well.

    Note: Remember
    to back up your key pair file.

The Server Gated Cryptographic
extension can be enabled or disabled from the registry.

Check the registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\SecurityProviders\
SCHANNEL

By default, there is no value
or key for EnableSGC. You have to add it in order to support SGC, and
you would set the value to 1 – that is, you would create a new key “EnableSGC”
and set its value to 1. If the “EnableSGC” key already exists, just set
EnableSGC=0.

See also the following Microsoft
articles:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q234271 http://support.microsoft.com/default.aspx?scid=kb;en-us;Q194889 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239449 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q249863