Generating a CSR for Internet Information Server (IIS) 8.5

In the online request form for a server certificate, the applicant has to submit a CSR as part of the certificate application. Usually the CSR is generated by the system administrator. This tutorial provides the required steps to generate a CSR for Microsoft Internet Information Server (IIS) version 8.5 on Windows Server 2012 R2.
NOTE: a CSR must be signed with at least SHA-256. Your Windows system must be configured for this, because a default installation uses SHA-1.

(1) Open the Internet Information Services (IIS) Manager and click on the server name (left menu)

(2) From the center menu, double-click the “Server Certificates” icon

The Server Certificates overview and Actions will be shown in the center and right menu.

(3) Click on “Create Certificate Request…” in the Actions menu on the right.

The Request Certificate wizard will pop up and will present the “Distinguished Name Properties” window.

(4) Enter the requested information in the “Distinguished Name Properties” window:

  • Common Name – The name through which the certificate will be accessed (a fully-qualified domain name is required e.g. www.yourdomain.com);
  • Organization – The legally registered name of your organization/company in the Chamber of Commerce;
  • Organizational unit – The name of your department within the organization;
  • City/locality – The city in which your organization is located;
  • State/province – The state in which your organization is located;
  • Country/region – The two-letter country code can be selected from a list.

Click Next.

(5) Enter the following information in the “Cryptographic Service Provider Properties” window

  • Cryptographic service provider. In the drop-down list, select Microsoft RSA SChannel…, unless you have a specific cryptographic provider. This will usually be the case if you deploy a Hardware Security Module to protect your server keys;
  • Bit length. In the drop-down list, select 2048.

Click Next.

(6) Select filename and location for the CSR

  • Specify a filename. Although not necessary, it is recommended to give the CSR a meaningful filename to prevent mistakes if you manage multiple sites and certificates;
  • Click the |…| box to browse to a location where the generated CSR will be stored. If you just enter a filename, your CSR will end up in C:\Windows\System32.

Click Finish.

(7) Use the generated CSR in the server certificate request

Remember the filename that you chose and the location where you saved the CSR. You, or the certificate applicant in your organisation, will need to open the CSR file as a text file and copy the entire body (including the “Begin” and “End Certificate Request” tags) into the online request form for a server certificate.
It is important to copy the CSR only with editors that do not change formatting, e.g. Notepad. If you need to send it to another person by email, send it as an attachment and do not paste it into the email message body.
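
A check that can be run on the saved CSR before it is pasted into the request form, added here as an example and not part of the original tutorial: it confirms that the BEGIN/END lines and Base64 body survived copying and reports whether the signature algorithm meets the SHA-256 minimum. The function names are illustrative, the sample request is a constructed skeleton with dummy contents, and unrecognised (non-RSA) algorithms are reported as not meeting the minimum so that they get a manual look.

```python
import base64
import re

SIG_ALGS = {"1.2.840.113549.1.1.5": "sha1RSA", "1.2.840.113549.1.1.11": "sha256RSA",
            "1.2.840.113549.1.1.12": "sha384RSA", "1.2.840.113549.1.1.13": "sha512RSA"}
WEAK = {"1.2.840.113549.1.1.5"}             # SHA-1: below the SHA-256 minimum
PEM_RE = re.compile(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)"
                    r"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos:pos + 2]          # ValueError if fewer than 2 bytes remain
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER: CSR body was cut or altered")
    return tag, pos, pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def csr_signature_algorithm(pem_text):
    """Return (oid, name, meets_sha256_minimum); unknown algorithms report False."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE REQUEST lines are missing")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    tag, start, end = read_tlv(der, 0)                       # CertificationRequest
    if tag != 0x30 or end != len(der):
        raise ValueError("not a complete DER SEQUENCE")
    _, alg_start, _ = read_tlv(der, read_tlv(der, start)[2])  # skip request info
    tag, oid_start, oid_end = read_tlv(der, alg_start)        # signatureAlgorithm OID
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = decode_oid(der[oid_start:oid_end])
    return oid, SIG_ALGS.get(oid, "unknown"), oid in SIG_ALGS and oid not in WEAK

def sample_csr(oid_der):  # constructed skeleton: dummy subject, key and signature
    tlv = lambda tag, val: bytes([tag, len(val)]) + val
    body = tlv(0x30, tlv(0x02, b"\x00")) + tlv(0x30, tlv(0x06, oid_der) + b"\x05\x00")
    b64 = base64.b64encode(tlv(0x30, body + tlv(0x03, b"\x00" * 9))).decode()
    return f"-----BEGIN NEW CERTIFICATE REQUEST-----\n{b64}\n-----END NEW CERTIFICATE REQUEST-----\n"
```

Read the real file with `open(path).read()` and pass the text to `csr_signature_algorithm`; a `ValueError` means the request was damaged in transit and should be copied again from the original file.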

Additional Information: For more information, refer to your server documentation or visit Microsoft Support Online