Skip to main content

How do I generate a CSR on Microsoft Internet Information Services (IIS) 7?

User-added image
Certificate Signing Request (CSR) Help
For Microsoft IIS 7

Jump to steps


Before generating a certificate signing request for a domain in IIS 7, ensure that you have an IIS 7 role added to your server.  To verify that IIS 7 is installed on the server, open your Web browser and go to http://localhost/. If ISS 7 is installed, you will see the following page:



Note:
Do not use commas in any of the fields when creating your Certificate Signing Request (CSR). Commas are interpreted as the end of the field and will cause an invalid CSR to be generated. Do not use any of the following characters in the Web server Distinguished Name: ! @ # $ % ^ * ( ) ~ ? > < & / \

Here are the steps to create a CSR using Microsoft IIS 7

1. Launch the Internet Information Services (IIS) Manager:
Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager

2. In the Connections pane on the left, select the correct server name.


3. Open the Server Certificates features by double-clicking the Server Certificates icon located in the middle menu of the IIS Manager window.

4. In the Actions pane on the right, click Create Certificate Request to open the Request Certificate wizard.

Note : if you already have a certificate that is near expiration date and you need to renew it, select Create Certificate Request. Do not use the Renew option on the certificate from the Server Certificates action menu. The renewal function can sometimes create an incompatible CSR.


5. Enter the Distinguished Name information in the Distinguished Name Properties window in the wizard:

Attribute

Prefix

Description

Example

Common name

cn

Domain to be secured by certificate

iis7cert.entrust.com

Organization

o

Organization’s legal business name

Entrust Inc.

Organizational Unit

ou

Department in the organization

Certificate Dep.

City/Locality

l

Business location - city

Ottawa

State/Province

st

Business location – state/province

Ontario

Country/Region

c

Business location - country

CA

6. Click Next .

7. Select Microsoft RSA Channel Cryptographic Provider as the Cryptographic service provider . For Bit Length , select 2048 .

Click Next .

8. In the following window, specify the location and file name for your CSR. Take note of where the CSR is being stored, as you will need to access this file when you request a certificate. The file should contain a CSR similar to this:

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIEhDCCA2wCAQAwgYAxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w

DQYDVQQHDAZPdHRhd2ExFTATBgNVBAoMDEVudHJ1c3QgSW5jLjEZMBcGA1UECwwQ

Q2VydGlmaWNhdGUgRGVwLjEcMBoGA1UEAwwTaWlzN2NlcnQuZW50cnVzdC5jYTCC

.

.

.

OOqRZhp/bkDjEWW+OO1Z7hAnB1gcN4t1Q7TO3gZwyO9Yarv7gkPXCsCIMwJkhmzB

X4n6sJ5KGAUQj+Qx6VDeyTzG6w8hTvXH0ILxVb7LYg12vcrt2O3wKdBwRdcPNtLO

8nK2lCzuiMwL+cM8XJroaYCtr8A8mDHLCTQHy1y5PReZ2wYIChPWVwzzrhWo7XZ5

Vmcczl6amkU=

-----END NEW CERTIFICATE REQUEST-----

9. Open the generated file containing the newly created Certificate Signing Request (CSR) and copy its content into the specified field when you are requesting a certificate from Entrust.

Note: Copy the full CSR including the lines. Make sure that here are no trailing spaces or carriage returns in the CSR.
-----BEGIN NEW CERTIFICATE REQUEST-----


-----END NEW CERTIFICATE REQUEST-----

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088