How to Generate CSR for Microsoft IIS 7

SSL stands for Secure Sockets Layer, which is the technology used to protect private information on your site, and an SSL Certificate uses this technology to give your website a protected identity. You install this digital certificate on the server to protect and host your website. A CSR (Certificate Signing Request) is a block of encoded text. It contains information that will be included in the certificate, such as the organization's name, domain name, locality, and country. It is produced on the server with the installed certificate and required during the SSL certificate application process.

If you are wondering what a CSR for IIS 7 is and how to generate a CSR, this article will guide you on the CSR generation process, beginning with gaining access to the IIS Manager and finishing the necessary fields on the CSR form.

Generating the CSR

Follow the steps below to begin with the IIS 7 CSR generation process.

1. Click the Windows Start menu. Then, open Administrative Tools.
2. Select Internet Services Manager or Internet Information Services (IIS) Manager.
3. From the left side, find the Connections screen.
4. Then, click the server name.
5. From the center menu, double-click the Server Certificates button in the Security section.
6. On the right side, select the Actions menu. Then, click on Create Certificate Request. This will open the Request Certificate wizard.
7. In the Distinguished Name Properties window, enter the information as follows:
   1. The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate. You will need to ensure that the common name submitted in the CSR is the correct domain name / FQDN that you intend to use the certificate for. For Wildcard SSL certificates, the common name should contain at least one asterisk.
8. Enter the Organization and Organization Unit, these are your company name and department respectively.
9. Enter your city/locality, state/province, and country/region. Click Next.
10. In the Cryptographic Service Provider Properties window, leave both settings at their defaults.
11. Enter a filename and location to save your CSR. You will need this CSR to entroll for your IIS SSL Certificate.
12. Click Finish. Your new CSR is now contained within the c:\certreq.txt.
13. When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form - including:
    1. -----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----
14. Click Next.
15. Confirm your details on the enrollment form.
16. Finish.

Saving your Private Key

Now that you have generated your CSR, you may start saving it. Follow the steps below on how to do so.

1. Open the Run command from the Start menu. Then, type mmc in the search field.
2. Go to Requests.
3. Click All tasks.
4. Then, select Export.
   Important: We recommend that you note down your password and backup your key, as these are known only to you, so if you lose them, we can't help! A removable storage device or other removable media is recommended for backup files. Please note that this last step is not required but is recommended if you intend to make any changes to the site.

Review

We all know that SSL certificates are generally essential to guarantee the security and integrity of online communications between a user's browser and a website's server. They encrypt the sent data, preventing malicious hackers from intercepting private information. This article provides a step-by-step guide on how to generate a CSR in IIS 7.