Hjälpcentral

Problem

How to generate a csr for Microsoft IIS 6.0

How do I generate a CSR for Microsoft IIS 6.0

Resolution

Thawte now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 6.0 servers running .NET 2.0 or higher.As an independent subsidiary of Symantec, Geotrust offers Symantec SSL Assistant as a benefit of our corporate relationship.

NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.

To generate a CSR for Microsoft IIS 6.0, perform the following steps:

An Important Message Before You Start:

By far the most common problem users have when going through this process is related to Private Keys.

If you lose or cannot access a Private Key, you cannot use the Certificate we issue to you.

To ensure this never happens, we advise that a backup of the Private Key file is made and that a note is made of the password that is used to protect the export of the Private Key.

To generate a CSR in Microsoft IIS 6.0 follow the instructions below:

Start the Key/CSR Generation Process:

1. Open the Internet Services Manager  Start > Programs > Administrative Tools
2. Right-click on the Web site you would like to create the Key/CSR pair for.
   

   

3. Select Properties.
4. Click the Directory Security tab.
5. Under the Secure Communications section, click Server Certificate 
   

   

6. This will start the Web Site Certificate Wizard.  Click Next.
7. From the Web Site Certificate Wizard, select the Create a new Certificate option.
   

   

8. Select Prepare the request now, but send it later option from the list.
   

   You will need to prepare the request now but will only submit the request (CSR) via our online request forms. We do not accept CSR's via email.
   

9. Enter a name for the Certificate and select a key bit length of the Key file. 
   

   At this point you will decide what encryption strength your Private Key and CSR will be set at.
   NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
   If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.
   

   This information will be displayed on your Certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.

   Do not use any of the following characters:  [ !  @  #  $  %  ^  *  (  )  ~  ?  >  <  &  /  \  ,  "  ' ]
   
   

10. Enter your Organization and Organizational Unit (Department)
    
    
    
    
11. Enter your Common Name
    
    
    
    The term "common name" is X.509 "speak" for the name that distinguishes the Certificate best, and ties it to your Organization.
    In the case of SSL Web Server Certificates, enter your exact host and domain name that you wish to secure.
    Example: If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name in this field.
    If you enter mydomain.com then the Certificate issued to you will only work error free on that exact domain name.
    It will cause an error when you or your users access the domain name as www.mydomain.com
    
    
12. Enter the geographical details of your Organization.
    
    
    
    
13. The wizard will now want to create and save the CSR file. Click Browse and select a location to save the CSR file. Enter a name for the file and click Next.
    
    
    
    
14. The next page will display the summary of the Certificate you want to submit for enrollment.
15. Click Finish to complete the Web Server Certificate Wizard
    
    
    
    
16. Finish and exit IIS Certificate Wizard.
    
    A CSR file has been generated.  To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
    
    

NOTE: Upon completing the Certificate Wizard, it is important to leave the request pending for successful certificate installation. Choosing the option to delete the pending request from the Certificate Wizard will prevent installation of the certificate that is returned.

Backup your private key by following the instructions in solution: SO1443