知識庫

在 IIS 8 產生 CSR

To create a certificate signing request (CSR) in IIS Manager, one should perform a few simple steps:

  1. Start Internet Information Services (IIS) Manager by pressing Win+R > 'inetmgr' > Enter.
  2. Double-click on Server Certificates icon on the Home page.
  3.  csr_iis8_1.jpg

  4. Hover the mouse to Actions panel on the right side of the window and click 'Create Certificate Request...' button.
  5. csr_iis8_2

  6. The next window Distinguished Name Properties contains fields which should be filled in correctly for a proper CSR creation.
  7. csr_iis8_3

  8. Let us take a little overview of each field:
    • Common name - a field for a fully qualified domain name (e.g. domain.com or sub.domain.com), which is intended to be secured with the SSL certificate;
    • Organization - a company's name should be specified in this field. If there is no company owner of a domain name, this field should be filled with 'NA';
    • Organization unit - a specific company department, which is in charge of SSL certificate issuance and installation. It could be IT, Security or simply NA. This field cannot be empty either;
    • City/locality - a full city name should be specified here;
    • State/province - a field for a state name or an administrative region depending on a particular country inner division. If there are no states or other regions, this field needs to be filled in with a city name;
    • Country/region - a 2-digit country code from the drop-down list.

    Note! For OV and EV certificates, it is obligatory to specify a legal company name and an existing department in Organization and Organization unit fields since those certificates are issued to registered companies and imply a more advanced validation level.

    Note! All the fields should be filled only with alphanumeric symbols and no special ones are allowed (e.g. '&”, '/', '^', etc.)

  9. Once all the fields are filled in, click Next button.
  10. The next screen 'Cryptographic Service Provider Properties' offers to choose 2 parameters:
    • Cryptographic Service Provider - should be Microsoft RSA SChannel Cryptographic Provider;
    • Bit length - this drop-down menu allows to choose the length of a key, based on which CSR will be generated. In accordance with Comodo (now Sectigo) Certificate Authority restrictions, a key length must be at least 2048-bit or higher.
  11. csr_iis8_4

  12. After all the parameters are set, click Next button.
  13. In the File Name window it is required to specify the name of a file to which a newly generated CSR code will be saved, and a place where the file itself would be stored. You can either type in the path to the field or use '...' button to browse the file system.

    Note! If you type in the path to the file manually, please make sure that the directory, to which you are planning to save the file, actually exists or was created *before* this step. If the path is referring to a non-existent folder, the system will show an error that the directory was not found.

  14. csr_iis8_5

  15. When the location and the filename are specified, click Finish button.
  16. Now you can locate the CSR file on the computer, open it with a text editor and use the CSR for SSL certificate activation.

The issued certificate should be installed according to this guide.