The first step is to create a Certificate Signing Request (CSR). Next you will send this CSR to the Certificate Authority (CA) for signing. The returned certificate may need converting to X.509 if it is not already in an IIS-compatible format. Lastly, we will install the certificate into IIS.
To receive a CA-signed digital certificate, you must request one from a certificate provider. We will create an SSL certificate request for a Windows 2003 web server running IIS 6.
To create our certificate request as per http://support.microsoft.com/kb/228821/EN-US/, we will use the certificate wizard built into Microsoft Internet Information Services (IIS). Open the Internet Services Manager (or your custom MMC containing the IIS snap-in).
Procedure 4.1. Generating a Certificate Signing Request for a Certificate Authority
Browse to the site where you want to enable secure communications.
Right-click the friendly name of the site and go to properties.
Click the Directory Security tab.
Under the Secure Communications section, click Server Certificate.
This starts the new Web Site Certificate Wizard.
Click Next.
Choose the "Create a New Certificate" option and click Next.
Note: There should be a slight pause before the screen appears.
Choose the Prepare a New Request but Send it Later option and click Next.
Choose a Friendly Name for the site.
Note: This can be anything you want it to be, for example, the friendly name of the site in the MMC, or the name of the customer the Web site belongs to.
Choose the bit length of the key you want to use and whether you want to use SGC (Server Gated Cryptography), and then click Next.
Input your Organization (O) and your Organizational Unit (OU). For example, if your company is called Widgets and you are setting up a Web server for the Sales department, you would enter Widgets for the Organization and Sales for your Organizational Unit. Click Next when complete.
Input the common name (CN) for your site. This should be the same name that the user will input when requesting your Web site. For example, if a user inputs http://www.widgets.microsoft.com to access your Web site, then your Common Name would be www.widgets.microsoft.com. When you are finished, click Next.
Input your Country/Region, City, and State. It is very important that you do not abbreviate the names of the state or city. When complete, click Next.
Enter the contact information for the person responsible for this certificate or Web site. This is usually how the Certificate Authority contacts you. When complete, click Next.
Choose a name for the certificate request file you are about to create. This file will contain all the information you created here, as well as your public key for your site. You can browse for the file name if you want. This creates a .txt file when you are complete. The default name for the file is Certreq.txt. When you have finished this step, click Next.
You will now be presented with a summary screen of all the information you entered. Make sure all this information is correct, and then click Next.
You have now created your certificate request file. Remember the file name; you will need it later.
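
The following is an added example, not part of the original procedure or of any Microsoft tooling: a Python check to run against the request file before it goes to the CA, confirming that the Common Name, State, City and key length match what the procedure calls for. It assumes the file holds a base64 PKCS#10 request with an RSA key between `-----BEGIN`/`-----END` lines; the function names, the 2048-bit minimum and the abbreviation heuristic are assumptions, not values from this page.

```python
import base64

NAMES = {3: "CN", 6: "C", 7: "L", 8: "ST", 10: "O", 11: "OU"}  # last byte of OID 2.5.4.x

def children(buf):
    """Split DER bytes into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def inspect_csr(text):
    """Return (subject dict, RSA modulus bits) from a base64 PKCS#10 request."""
    b64 = "".join(l for l in text.splitlines() if not l.startswith("-----"))
    # CertificationRequest -> CertificationRequestInfo {version, subject, key, attributes}
    info = children(children(children(base64.b64decode(b64))[0][1])[0][1])
    subject = {}
    for _, rdn in children(info[1][1]):  # Name: SEQUENCE of SET of {OID, string}
        for _, atv in children(rdn):
            (_, o), (t, v) = children(atv)
            key = NAMES.get(o[2], o.hex()) if o[:2] == b"\x55\x04" else o.hex()
            subject[key] = v.decode("utf-16-be" if t == 0x1E else "latin-1")  # 0x1E = BMPString
    spk = children(info[2][1])[1][1]  # BIT STRING; its first byte counts unused bits
    modulus = children(children(spk[1:])[0][1])[0][1]
    return subject, int.from_bytes(modulus, "big").bit_length()

def review(text, hostname, min_bits=2048):  # min_bits: assumed policy, not from the page
    """List what to fix before the request is sent to the CA."""
    subject, bits = inspect_csr(text)
    # Heuristic (assumption): two letters or a '.' suggests an abbreviated State or City
    problems = [f + " missing or abbreviated" for f in ("ST", "L")
                if len(subject.get(f, "")) <= 2 or "." in subject[f]]
    if subject.get("CN", "").lower() != hostname.lower():
        problems.append("CN %r is not the name users type" % subject.get("CN"))
    if bits < min_bits:
        problems.append("%d-bit key is below %d" % (bits, min_bits))
    return problems

if __name__ == "__main__":
    import sys  # usage: python check_csr.py Certreq.txt www.widgets.microsoft.com
    with open(sys.argv[1]) as fh:
        print(review(fh.read(), sys.argv[2]) or "no problems found")
```

The check does not verify the request's signature; it only reads the subject and public key that the CA will see.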