Generate a Certificate Signing Request (CSR)

Microsoft Internet
Information Server 5

Follow these instructions to generate a CSR for your Web site. When you
have completed this process, click the “close” button below to close this
window and continue to the next step.

Note: If you are renewing your certificate or your site is currently running a web server
certificate please refer to renewal section of this document.

You must have at least Service Pack 1 installed

  1. Select the Internet Information Services console within the
    Administrative Tools menu.

  2. Select the computer and web site (host) that you wish to secure.
    Right mouse-click to select Properties.

  3. Select the Directory Security tab.
  4. Select Server CertificateunderSecure Communications
  5. Click Next in the Welcome to the Web Server Certificate Wizard

  6. Select Create a new certificate, Click Next.
  7. Select Prepare the request now, but send it later.
  8. At the Name and Security Settings screen, fill in the [friendly]
    name field for the new certificate. Select bit length. We recommend
    using 1024-bit length. Click Next.

  9. When creating a CSR you must follow these conventions.
    Enter your Distinguished Name Field information.
    The following characters can not be accepted: < > ~ ! @ # $ %
    ^ * / \ ( ) ?&.
    This includes commas.

Name Field




fully qualified domain name for your web server. This must be
an exact match.

you intend to secure the URL, then
your CSR’s common name must be


exact legal name of your organization. Do not abbreviate your
organization name.



of the organization


or Locality

city where your organization is legally located.


or Province

state or province where your organization is legally located.
Can not be abbreviated.



two-letter ISO abbreviation for your country.

= United States

  1. Enter your Administrator contact information.
  2. Enter a path and file name for the CSR.

  1. Verify your request and then click Next.
  2. At the Completing the Web Server screen, select Finish.

    DO NOT REMOVE the pending request or the .crt file will not match
    and your certificate will not install.

  3. Select Finish.
  4. Submit your CSR to GeoTrust by clicking on Continue. You will
    be asked to complete the agreement and the enrollment form as well.

or Sites currently running ssl

The renewal request option
within IIS 5.0 does not create a request in a PKCS10 format. This may be corrected
with a future Service Pack. IIS 5.0 does not allow your site that is currently
running SSL to generate a certificate signing request (CSR) without removing the
existing certificate. For most sites this is not an option since your site will
not be able to run a SSL session while your certificate is being processed. To
obtain a certificate for your existing web site you will have to do the following.
Please read and print these instructions before submitting your new certificate

  1. Leave your existing site that currently has the certificate installed alone.
  2. Create another virtual site within IIS (this does not have to be a functional

  3. Enter Properties for the newly created virtual site, then go to the Certificate Wizard to create a new certificate request. The
    information you enter on this certificate request should match exactly the
    information on your production certificate, since that is the existing certificate
    this new CSR will replace.

  4. Visit and select your preferred certificate product type. Then click the relevant
    Buy Now button to begin the enrollment process.

  5. Wait for the new certificate file to be emailed to you from
  6. Install this certificate into your new virtual site; follow the process
    the pending request
    by selecting the certificate file we sent you. Complete
    the installation of your new certificate into your virtual web site.

  7. Now delete the new virtual site!
  8. Go to your Production web site, enter Properties, and select Replace
    the current certificate
    – choose the new certificate from the list.

  9. Make sure you bind the web site to a unique IP address at Port 443, then
    Stop and then Start your web site. Your new certificate should be installed.

  10. When convenient, go into your MMC console (with Certificate snap-in added)
    and delete the old certificate.