Generate CSR: IIS 6 Microsoft Windows Server 2003
Follow these instructions to generate a Private Key and CSR. You must
have at least Service Pack 1 installed.
- Open the Internet Information Services (IIS) Manager.
From the Start button select Programs >
Administrative Tools > Internet
Information Services Manager.
- In IIS Manager, double-click the local computer, and then double-click
the Web Sites folder.
- Right-click the Web site for which you want to request
a certificate, and then click Properties. By default
it will be Default Web Site, yours may be different.
- Select the Directory Security tab and click Server
Certificate in the Secure
- Click Next in the Welcome to the Web Server
Certificate Wizard window.
- Select Create a new certificate, Click Next.
- Select Prepare the request now, but send it later.
- At the Name and Security Settings screen, fill in
the friendly name field for the new certificate
the friendly name can be any name that helps you remember what
this certificate is for when you see it in a list later. We recommend
using your domain as the friendly name, such as mysite.com.
- Select bit length. We recommend using a 2048-bit
length (2048 is required for EV SSL). Click Next.
- Leave the 'Select cryptographic service provider (CSP) for this certificate'
unchecked. Click Next.
You will be asked for several pieces of info which will be used by GeoTrust to create
your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization,
country, key bit length, etc. Use the CSR Legend in the right-hand column of this page
to guide you when asked for this information. The following characters should not
be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
- Enter your Organization (e.g., Gotham Books Inc) and
Organizational Unit (e.g., Internet Sales). Click Next.
- THIS IS THE MOST IMPORTANT STEP! Enter
your site's Common Name. The Common Name is the fully-qualified-domain
name for your web site or mail server. What ever your end-user will
see in their browser's address bar is what you should put in here.
Do not include http:// nor https://. Refer to the CSR legend in the right-hand
column of this page for examples. If this is wrong, your certificate will not work
properly. Click Next.
- Enter your Geographical Information for Country, State, and City. Do
not abbreviate States and Cities. Click Next.
- In the Certificate Request File Name box enter the
path and file name where you want to save your CSR. You can use the
Remember where you save it, you'll need to be able to find this
CSR file later. Click Next.
- Review the data on the Request File Summary screen and click Next.
- Click Finish to complete the Wizard.
Now, from a simple text editor such as Notepad (do not use Word), open the CSR file you just
c:\certreq.txt (your path/filename may be different).
You will need to copy-and-paste the contents of this file, including the top and bottom lines, into the
relevant box during the online order process.
When generating your CSR you will be asked to input
a few pieces of info. Below are some common fields with descriptions and examples.
(also see About the CSR)
Common Name (CN)
The fully-qualified-domain name for your certificate. Examples include...
- *.domain.com (for wildcard SSL)
The exact legal name of your organization. Do not abbreviate your
organization's name. Example: Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU)
The section or division of the organization. Example: Sales, Support, Customer Service
City or Locality (L)
The city where your organization is legally located. Cannot be
abbreviated. Example: Atlanta
State (S) or Province
The state or province where your organization is legally located. Cannot
be abbreviated.. Example: Georgia
The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)
Any email address. This field is arbitrary but must be filled in. GeoTrust
will not use this email address to process your order. Example: firstname.lastname@example.org
Key Bit Length
The key bit length has to do with the initial key exchange, not the
encryption strength of your certificate. GeoTrust recommends a key bit length of 2048.