To create a Certificate Signing Request (CSR) in IIS Manager, follow these simple steps:
- Start Internet Information Services (IIS) Manager by pressing Win+R >> type “inetmgr” >> press Enter.
- Double-click on the Server Certificates icon on the Home page.
- Navigate to the Actions panel on the right side of the window and click on Create Certificate Request….
- The Distinguished Name Properties window will appear.
- The Distinguished Name Properties contains fields that should be filled in correctly to create a proper CSR:
Common name - a field for the fully qualified domain name (e.g. example.com or sub.example.com; *.example.com for a Wildcard SSL certificates) that you want to secure with the SSL certificate;
- a company’s name should be specified in this field. If there is no company owner of a domain name, this field should be filled with “NA”;
- the specific company department in charge of SSL certificate issuance and installation. It could be “IT”, “Security” or simply “NA”. This field cannot be empty either;
City/locality - a full city name should be specified here;
State/province - a field for a state name or administrative region, depending on a particular country’s inner division. If there are no states or regions, this field can be filled in with a city name;
Country/region - a 2-digit country code from the drop-down list.
Note! For OV and EV certificates, it is obligatory to specify a legal company name and an existing department in Organization and Organization unit fields as these types of certificates are intended for registered companies and imply a more advanced validation level.
Note: All the fields should be filled only with alphanumeric symbols and no special symbols are allowed (“&”, “/”, “^”, etc.)
Here is an example of how the Certificate Request details can look with the fields filled in. On the below screen, we use the "example.com" domain as an example Common name.
- Once all the fields are filled in, click the Next button.
- The next screen, Cryptographic Service Provider Properties, features two parameters:
- Cryptographic Service Provider - this should be set to Microsoft RSA SChannel Cryptographic Provider.
- Bit length - this drop-down menu allows you to choose the length of a key based on which CSR will be generated. In accordance with Comodo (now Sectigo) Certificate Authority restrictions, a key length must be at least 2048-bit or higher.
Note! If you opt to type in the path to the file manually, please make sure that the directory where you are planning to save the file actually exists or was created *before* this step. If the path is referring to a non-existent folder, the system will show an error saying that the directory was not found.
- After both the parameters are set, click Next.
- In the File Name window you need to specify the file name that the newly generated CSR code will be saved under, as well as the location where the file will be stored. You can either type in the path to the field or use the … button to browse the file system.
- When the location and the filename are specified, click the Finish button.
- Now the CSR file has been saved to the computer. Open it with a text editor and use the CSR for SSL certificate activation.
The issued certificate should be installed according to the instructions in this manual.