IIS and Server: Generating a
Certificate Request for SSL
1. Generating a Certificate Request. The first step in
configuring IIS to use SSL is to generate a certificate request. This
request is for a SSL certificate that will be created by a CA, which in
this case will be the Certificate Services an internal CA.
Open the IIS Manager by clicking the Start menu and selecting
Administrative Tools and IIS Manager. Once opened navigate to the
Default Web Site, right click it and click Properties.
Click on the Directory Security tab and select Server Certificate, which
will start the IIS Certificate Wizard. You will be presented with a
Welcome screen where you must click Next to continue.
The Web Server Certificate Wizard can generate a new certificate request
or manage existing certificates. To Create a new certificate choose
Create a New Certificate and click Next.
Next you must choose to either create a request and submit it manually
to a CA or submit the request automatically to an online CA. The option
to submit a request automatically is only available if you have Active
Directory Integrated Enterprise Root CA. Since this option is not
available the former is already selected. Click Next to continue.
The next screens will prompt you for information required to create the
certificate. First enter Default Web Site for the Name of the
certificate. This name should correspond with the name of your site. You
can also change the bit length, which will be used for the public key
encryption. For this example you can leave it at 1024. Click Next to
Next you must enter the name of the organization and the organizational
unit the certificate is associated with. You can create your own names
here. Click Next to continue.
You must now enter the server's common name. The name should be the same
as what users will enter in their browsers to access your site. If this
is a public site you should use a valid DNS name. However, if the server
is on the intranet you may use the computer's NetBIOS name. You can use
your computers name. Click Next to continue.
The next step requires you to enter geographical information. Enter your
Country, State, and City. When you are finished click Next.
Select the location you wish to store the certificate request. This is
important to remember for this file will be submitted to a CA as the
request for the SSL certificate. Choose the location where you want to
store this file and click Next.
You will be presented with the summary of the file, which contains all
the information you provided. If this information is correct click Next
to generate the file, completing the wizard. If not you have the option
to go back and correct any mistake.