Generating a Certificate Signing Request (CSR) for Internet Information Server (IIS) 6.0
This document provides the steps to generate a CSR for Microsoft Internet Information Server (IIS) version 6.0.

We strongly advise to use a "dummy' webserver instance. After you've completed the CSR generation process, you must leave this dummy instance intact, untill you receive you certificate from Getronics PinkRoccade.
If you have not created a "Dummy" WebSite yet, please do so first before continuing with this manual.

On this "Dummy" WebSite follow the steps to create a CSR:

Generating a CSR IIS 6.0: Please follow the instructions below to generate a private key (CSR):
  1. Start the Certificate Signing Request Process:
    1. Open the Internet Services Manager or if you prefer you can use the Microsoft Management Console containing the Internet Information Services snap-in.
    2. Expand Internet Information Services (if needed) and browse to the Web site that will hold the pending certificate request.
    3. Right-click on the selected web site and click on Properties.



  2. Open Directory Security Folder:
    1. In the Directory Security tab, click on the Server Certificate button under Secure communications. Note: If you have not used this option before the Edit button will not be active.



  3. Select Create a new certificate, if you are renewing a certificate select Renew certificate. Click Next.


  4. Select Prepare the request now, but send it later. You can only submit the CSR (request) via our online request forms. A CSR is not accepted via email. Click Next.



  5. Enter a certificate name (this is for your reference only) and the certificate strength. At this point you will need to decide the encryption strength of the CSR. The recommended bit length is 1024. Click Next.



    At this point your private key is created and stored locally on your machine. The public portion is sent to Getronics PinkRoccade in the form of a Certificate Signing Request.
  6. Enter the Organization name. The Organization name MUST reflect what appears on the company's official registration documents.



  7. Enter your common name; this refers to the URL your customers will use to get to your SSL protected site; i.e. if your customers use the following URL: https://www.mywebsite.com the common name would be "www.mywebsite.com".



  8. Enter the geographical details of the Organization. DO NOT abbreviate your state or locality. Country must be set to "NL", for Netherlands.



  9. Enter Contact Information. This is not for Getronics PinkRoccade records. This is strictly a Server side function. You will have to enter this type of information via our online forms during the request process.



  10. Choose a filename to save the request. Select an easy-to-locate folder (saving the file to the Desktop is recommended). You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form using a text editor. DO NOT use your e-mail client or a word processor to cut and paste the information as they will add invisible characters that will generate errors upon submission.


  11. Confirm the information in the request is accurate. You can go back and correct any errors if needed.



  12. Click on Finish to complete the process and exit IIS Certificate Wizard.



Additional Information: For more information, refer to your server documentation or visit Microsoft Support Online. Click on the links below to find additional information on Microsoft Windows 2003 and IIS 6.0:

Using Certificate Wizards Internet Information Services (IIS) 6.0

Microsoft TechNet Home