CONTENTS

IIS and Server: Generating a Certificate Request for SSL

1. Generating a Certificate Request. The first step in configuring IIS to use SSL is to generate a certificate request. This request is for a SSL certificate that will be created by a CA, which in this case will be the Certificate Services an internal CA.

Open the IIS Manager by clicking the Start menu and selecting Administrative Tools and IIS Manager. Once opened navigate to the Default Web Site, right click it and click Properties.



Click on the Directory Security tab and select Server Certificate, which will start the IIS Certificate Wizard. You will be presented with a Welcome screen where you must click Next to continue.

The Web Server Certificate Wizard can generate a new certificate request or manage existing certificates. To Create a new certificate choose Create a New Certificate and click Next.



Next you must choose to either create a request and submit it manually to a CA or submit the request automatically to an online CA. The option to submit a request automatically is only available if you have Active Directory Integrated Enterprise Root CA. Since this option is not available the former is already selected. Click Next to continue.

The next screens will prompt you for information required to create the certificate. First enter Default Web Site for the Name of the certificate. This name should correspond with the name of your site. You can also change the bit length, which will be used for the public key encryption. For this example you can leave it at 1024. Click Next to continue.



Next you must enter the name of the organization and the organizational unit the certificate is associated with. You can create your own names here. Click Next to continue.



You must now enter the server's common name. The name should be the same as what users will enter in their browsers to access your site. If this is a public site you should use a valid DNS name. However, if the server is on the intranet you may use the computer's NetBIOS name. You can use your computers name. Click Next to continue.



The next step requires you to enter geographical information. Enter your Country, State, and City. When you are finished click Next.



Select the location you wish to store the certificate request. This is important to remember for this file will be submitted to a CA as the request for the SSL certificate. Choose the location where you want to store this file and click Next.



You will be presented with the summary of the file, which contains all the information you provided. If this information is correct click Next to generate the file, completing the wizard. If not you have the option to go back and correct any mistake.