Don’t have the time to spend activating and installing your SSL? Let our experts set up your SSL for you!
In order to generate a CSR code on a Windows server or your Windows desktop through IIS 8, please follow the next steps:
- Open Internet Information Services (IIS) Manager from the Start menu, or by pressing Win+R, then typing inetmgr and clicking Ok. The instructions on how to enable IIS on the desktop are shown here.
- Double-click on the Server Certificates icon in the section for the required server:
3. In the new window, find the Actions section in the right corner of the window and click on Create Certificate Request… to open the Request Certificate wizard:
Note: To renew your SSL certificate, use this option as you did initially. Using the renew option in the Server Certificates section creates a PKCS#7-formatted CSR, which is not recognized as valid by many CSR decoders and CA applications. As a result, this type of CSR cannot be used for renewal.
4. Another new window will appear where it is necessary to enter Distinguished Name Properties (domain name and your contact details for the certificate request) . Every field should be filled only with alphanumeric characters and cannot be empty. The descriptions are explained below:
- Common name – fully qualified domain name you wish to secure with the SSL certificate, for example, domain.com or www.domain.com. For the wildcard certificate, put an asterisk in front of the domain name so that it looks like *.domain.com;
- Organization – full name of the officially registered company, or you can just put NA;
- Organization unit – specific department of the company provided above; can be specified as NA too;
- City/locality – full name of the city or town;
- State/province – full name of the state or province. If you do not have one, just put your city or town name;
- Country/region – two-letter country code from the drop-down.
5. Click Next and a new screen will appear. Select Microsoft RSA SChannel Cryptographic Provider as the cryptographic service provider. Starting from December 20, 2010, 1024-bit key length is considered insecure, so it is necessary to select 2048- or 4096-bit length:
6. In the next window, provide the name of the certificate request file and location where it should be saved. You can either type it manually, or click on the “…” button to select the destination:
7. Click Finish to complete the generation. Now you can find the text file with the CSR code in the selected folder. You need to copy the whole contents along with the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– lines and paste the code in the corresponding box during activation. Note: Before activating the certificate, you can check if the CSR code is generated correctly via this online tool .