MICROSOFT IIS 5.0 & 6.0 CSR CREATION

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to Trustzone in order to be generated into an SSL Security Certificate.

Note: If you are renewing a certificate on IIS 5, or your site is currently running a web server certificate issued from a 1024-bit key, please refer to the renewal section at the bottom of this document.

You must have at least Service Pack 1 installed.

  1. Select the Internet Information Services console within the Administrative Tools menu.
  2. Select the computer and web site (host) that you wish to secure.
    Right mouse-click to select Properties
  3. Select the Directory Security tab.
  4. Select Server Certificate under Secure Communications
  5. Click Next in the Welcome to the Web Server Certificate Wizard window
  6. Select Create a new certificate, Click Next
  7. Select Prepare the request now, but send it later, Click Next
  8. At the Name and Security Settings screen, give your new certificate a name (this can be anything) – this will help you identify this request if you work with multiple domain names on the same webserver. Select the bit length. We recommend a 2048-bit length (note: to generate 128/256-bit encryption you will need to select a 2048-bit length).
    Click Next
  9. You will now be asked for details about your company and your website. When creating a CSR you must follow these conventions.
    The following characters cannot be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ? &.
    This includes commas.
    When done click Next
  10. At the Organization Information, state your Company Name and Department. When done click Next
  11. At the Your Site’s Common Name screen, enter the domain name (e.g. yourdomain.com) or fully qualified domain name (e.g. www.yourdomain.com). The certificate can be used on EXACTLY the name you enter here and nothing else.
    When done click Next
  12. At the Geographical Information screen, enter your country, state and city. Use the official ISO country code for the country field.
    When done click Next
  13. Choose a file name and a location to save your SSL Certificate Signing Request (CSR). The file should be saved as a text file (.txt).
    When done click Next
  14. You have now finished entering information. Your CSR will now be saved to a text file. Give your CSR a filename and select a location where you can easily find your CSR.
  15. Important: Now review what you have entered. If you notice a mistake, use the Back button to return to the relevant screen to make changes. Pay particular attention to the Issued To field.
    If everything is correct click Next
  16. You have now generated your CSR! Click Finish to close the wizard.

    IMPORTANT: DO NOT REMOVE the pending request from IIS, or your issued certificate will not install. Attempting to create another CSR will automatically remove the pending request, so this should not be attempted until you have installed your issued certificate.
  17. You are now ready to submit your CSR for the certificate you wish to install.
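
A check that can be run on the saved CSR file before submitting it, as an added example that is not part of the original instructions: it reads the PKCS #10 request and reports a key shorter than 2048 bits, a common name that differs from the intended host, or a subject field containing a character listed in step 9. It assumes an RSA key; check_csr, sample_csr and the "Example Ltd" value are illustrative names, and the sample request is constructed (placeholder key, dummy signature).

```python
import base64

CN_OID = b'\x55\x04\x03'                 # 2.5.4.3 commonName
FORBIDDEN = set('<>~!@#$%^*/\\()?&,')    # step 9 list plus comma; final "." read as punctuation

def items(buf):
    """Split DER bytes into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], 'big'), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def check_csr(pem_text, expected_cn, min_bits=2048):
    """Return a list of problems found in a PKCS #10 request that carries an RSA key."""
    b64 = ''.join(l for l in pem_text.splitlines() if not l.startswith('-----'))
    info = items(items(items(base64.b64decode(b64))[0][1])[0][1])
    problems, cn = [], None
    for _, rdn in items(info[1][1]):     # subject: SETs of SEQUENCE{OID, string}
        for _, atv in items(rdn):
            (_, oid), (tag, raw) = items(atv)
            text = raw.decode('utf-16-be' if tag == 0x1E else 'utf-8', 'replace')
            cn = text if oid == CN_OID else cn
            if FORBIDDEN & set(text):
                problems.append('forbidden character in %r' % text)
    key = items(info[2][1])[1][1]        # BIT STRING wrapping RSAPublicKey{n, e}
    bits = int.from_bytes(items(items(key[1:])[0][1])[0][1], 'big').bit_length()
    if bits < min_bits:
        problems.append('key is %d bits, want at least %d' % (bits, min_bits))
    if cn != expected_cn:
        problems.append('common name %r is not %r' % (cn, expected_cn))
    return problems

def _tlv(tag, body):                     # DER encoder, used only to build the sample
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([128 | k]) + n.to_bytes(k, 'big')) + body

def sample_csr(cn, key_bits, org='Example Ltd'):   # constructed request, not a real key
    name = b''.join(_tlv(0x31, _tlv(0x30, _tlv(0x06, oid) + _tlv(0x13, val.encode())))
                    for oid, val in ((b'\x55\x04\x0a', org), (CN_OID, cn)))
    n = ((1 << (key_bits - 1)) | 1).to_bytes(key_bits // 8 + 1, 'big')
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex('2a864886f70d010101')) + _tlv(0x05, b''))
    key = _tlv(0x03, b'\x00' + _tlv(0x30, _tlv(0x02, n) + _tlv(0x02, b'\x01\x00\x01')))
    info = _tlv(0x30, _tlv(0x02, b'\x00') + _tlv(0x30, name) + _tlv(0x30, alg + key) + _tlv(0xA0, b''))
    b64 = base64.encodebytes(_tlv(0x30, info + alg + _tlv(0x03, bytes(5)))).decode()
    return '-----BEGIN NEW CERTIFICATE REQUEST-----\n%s-----END NEW CERTIFICATE REQUEST-----\n' % b64
```

To check a real request, pass the text of the file saved in step 13 and the host name entered in step 11 to check_csr; an empty list means none of the three problems was found.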

RENEWALS OR SITES CURRENTLY RUNNING SSL

The renewal request option within IIS 5.0 does not create a request in PKCS #10 format. This may be corrected with a future Service Pack. IIS 5.0 does not allow a site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option, since your site will not be able to run an SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following. Please read and print these instructions before submitting your new certificate request.

  1. Leave your existing site that currently has the certificate installed alone.
  2. Create another virtual site within IIS (this does not have to be a functional site).
  3. Enter Properties for the newly created virtual site, then go to the Certificate Wizard to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace.
  4. You are now ready to submit your CSR for the certificate you wish to install.
  5. Wait for the new certificate file to be emailed to you from Trustzone.
  6. Install this certificate into your new virtual site: follow the Process the pending request option, selecting the certificate file we sent you. Complete the installation of your new certificate into your virtual web site.
  7. Now delete the new virtual site!
  8. Go to your Production web site, enter Properties, and select Replace the current certificate – choose the new certificate from the list.
  9. Make sure you bind the web site to a unique IP address on HTTPS port 443, then Stop and then Start your web site. Your new certificate should be installed.
  10. When convenient, go into your MMC console (with Certificate snap-in added) and delete the old certificate.