Generate a Certificate Signing Request (CSR)

Microsoft Internet
Information Server 5

Follow these instructions to generate a CSR for your Web site. When you
have completed this process, click the “close” button below to close this
window and continue to the next step.

Note: If you are renewing your certificate or your site is currently running a web server
certificate please refer to renewal section of this document.

You must have at least Service Pack 1 installed

  1. Select the Internet Information Services console within the
    Administrative Tools menu.

  2. Select the computer and web site (host) that you wish to secure.
    Right mouse-click to select Properties.

  3. Select the Directory Security tab.
  4. Select Server CertificateunderSecure Communications
  5. Click Next in the Welcome to the Web Server Certificate Wizard
    window.

  6. Select Create a new certificate, Click Next.
  7. Select Prepare the request now, but send it later.
  8. At the Name and Security Settings screen, fill in the [friendly]
    name field for the new certificate. Select bit length. We recommend
    using 1024-bit length. Click Next.

  9. When creating a CSR you must follow these conventions.
    Enter your Distinguished Name Field information.
    The following characters can not be accepted: < > ~ ! @ # $ %
    ^ * / \ ( ) ?&.
    This includes commas.

Distinguished
Name Field

Explanation

 
Example

Common
Name

The
fully qualified domain name for your web server. This must be
an exact match.

If
you intend to secure the URL https://secure.geotrust.com, then
your CSR’s common name must be secure.geotrust.com.

Organization

The
exact legal name of your organization. Do not abbreviate your
organization name.

GeoTrust
Inc.

Organization
Unit

Section
of the organization

Marketing

City
or Locality

The
city where your organization is legally located.

Atlanta

State
or Province

The
state or province where your organization is legally located.
Can not be abbreviated.

Georgia

Country/Region

The
two-letter ISO abbreviation for your country.

US
= United States

  1. Enter your Administrator contact information.
  2. Enter a path and file name for the CSR.

  1. Verify your request and then click Next.
  2. At the Completing the Web Server screen, select Finish.

    DO NOT REMOVE the pending request or the .crt file will not match
    and your certificate will not install.

  3. Select Finish.
  4. Submit your CSR to GeoTrust by clicking on Continue. You will
    be asked to complete the agreement and the enrollment form as well.

Renewals
or Sites currently running ssl

The renewal request option
within IIS 5.0 does not create a request in a PKCS10 format. This may be corrected
with a future Service Pack. IIS 5.0 does not allow your site that is currently
running SSL to generate a certificate signing request (CSR) without removing the
existing certificate. For most sites this is not an option since your site will
not be able to run a SSL session while your certificate is being processed. To
obtain a certificate for your existing web site you will have to do the following.
Please read and print these instructions before submitting your new certificate
request.

  1. Leave your existing site that currently has the certificate installed alone.
  2. Create another virtual site within IIS (this does not have to be a functional
    site).

  3. Enter Properties for the newly created virtual site, then go to the Certificate Wizard to create a new certificate request. The
    information you enter on this certificate request should match exactly the
    information on your production certificate, since that is the existing certificate
    this new CSR will replace.

  4. Visit http://www.geotrust.com/web_security/index.htm and select your preferred certificate product type. Then click the relevant
    Buy Now button to begin the enrollment process.

  5. Wait for the new certificate file to be emailed to you from support@geotrust.com.
  6. Install this certificate into your new virtual site; follow the process
    the pending request
    by selecting the certificate file we sent you. Complete
    the installation of your new certificate into your virtual web site.

  7. Now delete the new virtual site!
  8. Go to your Production web site, enter Properties, and select Replace
    the current certificate
    – choose the new certificate from the list.

  9. Make sure you bind the web site to a unique IP address at Port 443, then
    Stop and then Start your web site. Your new certificate should be installed.

  10. When convenient, go into your MMC console (with Certificate snap-in added)
    and delete the old certificate.