Creating a Certificate Signing Request

1. From the application server, click the Start button, click or search for the Internet Information Services (IIS) Manager and open it.
2. In the Connections section, click the server name.
3. In the center Home menu, double-click the Server Certificates button in the IIS section.

   Figure 2-21 Internet Information Services (IIS) Manager - IIS Section

   
   
   
4. Click Create Certificate Request… from the Actions menu.

   Figure 2-22 Actions - Create Certificate Request Link

   
   
   
5. Enter the appropriate information in the Request Certificate window, and then click Next.

   The Common name field (through which the certificate is eventually accessed) is usually the application server’s fully qualified domain name (FQDN) (for example, www.domain.com or mail.domain.com).

   Figure 2-23 Request Certificate - Distinguished Name Properties

   
   
   
6. Select Microsoft RSA SChannel Cryptographic Provider from the Cryptographic service provider drop-down list, unless you have another specific cryptographic provider.
7. Select 2048 (or higher) from the Bit length drop-down list, and then click Next.

   Figure 2-24 Request Certificate - Cryptographic Service Provider Properties

   
   
   
8. Click the ellipsis (...) button to browse to a location where you want to save the Certificate Signing Request (CSR) file.
   1. Remember the filename and the location where you save it.

      Figure 2-25 Request Certificate - File Name

      
      
      
   2. Open this file using a text editor and copy the entire body of it (including the Begin and End New Certificate Request tags) into the CSR order form.
9. After you receive your Secure Sockets Layer (SSL) certificate, save the certificate on the server where you created the CSR, and then you can install it.