IIS SSL Instructions
Generate a Certificate Signing Request(CSR) for an SSL Certificate from WEBYSSL.com
Microsoft IIS 5 and 6 - Internet Information Services 5 and 6
Follow these instructions to generate a CSR for your Web site.
When you have completed this process, you will have a CSR ready to submit to
WEBYSSL.com in order to be generated into a SSL Security Certificate.
Note: If you are renewing your certificate or your site is currently running a web server certificate please refer to renewal section at the bottom of this document.
You must have at least Service Pack 1 installed
- Select the Internet Information Services console within the Administrative Tools menu.
- Select the computer and web site (host) that you wish to secure.
Right mouse-click to select Properties.
- Select the Directory Security tab.
- Select Server Certificate under Secure Communications
- Click Next in the Welcome to the Web Server Certificate
- Select Create a new certificate, Click Next.
- Select Prepare the request now, but send it later.
- At the Name and Security Settings screen, give
your new certificate a name - this will help you identify this request if
you work with multiple domain names on the same webserver. Select bit length.
We recommend using 1024-bit length (note: To generate 128 bit encryption you
will need to select a 1024 bit length). Click Next.
- You will now be asked for details about your company and
your website. When creating a CSR you must follow these conventions.
The following characters can not be accepted: < > ~ ! @ # $ % ^ * /
\ ( ) ?&.
This includes commas.
- At the Organization Information, state your Company
Name and Department.
- At the Your Site's Common Name screen, enter the
domain name (e.g. yourdomain.com) or fully qualified domain name (e.g. www.yourdomain.com).
Whatever you enter here will be exactly what the certificate will be
able to be used on.
- At the Geographical Information screen, enter your
country, state and city.
- You have now finished entering information. Your CSR will
now be saved to a text file. Give your CSR a filename and select a location
where you can easily find your CSR.
- Important: Now review what you have entered. If
you notice a mistake, use the Back button to return to the relevant
screen to make changes. Pay particular attention to the Issued To field.
- You have now generated your CSR! Click Finish to
close the wizard.
IMPORTANT DO NOT REMOVE the pending request from your IIS or your issued
certificate will not install. Attempting to create another CSR will automatically
remove the pending request and this should be attempted until you have installed
your issued certificate.
- Now go to www.WEBYSSL.com,
select your certificate product and click the relevant Order Now button. Make
sure that you have your CSR file handy - you will need this during the enrollment
Renewals or Sites currently running ssl
The renewal request option within IIS 5.0 does not create
a request in a PKCS10 format. This may be corrected with a future Service Pack.
IIS 5.0 does not allow your site that is currently running SSL to generate a
certificate signing request (CSR) without removing the existing certificate.
For most sites this is not an option since your site will not be able to run
a SSL session while your certificate is being processed. To obtain a certificate
for your existing web site you will have to do the following. Please read and
print these instructions before submitting your new certificate request.
- Leave your existing site that currently has the certificate
- Create another virtual site within IIS (this does not have
to be a functional site).
- Enter Properties for the newly created virtual site,
then go to the Certificate Wizard to create a new certificate request.
The information you enter on this certificate request should match exactly
the information on your production certificate, since that is the existing
certificate this new CSR will replace.
- Submit the new request through the following URL www.WEBYSSL.com
- Wait for the new certificate file to be emailed to you
- Install this certificate into your new virtual site; follow
the process the pending request by selecting the certificate file we
sent you. Complete the installation of your new certificate into your virtual
- Now delete the new virtual site!
- Go to your Production web site, enter Properties, and select
Replace the current certificate - choose the new certificate from the
- Make sure you bind the web site to a unique IP address
at https Port 443, then Stop and then Start your web site. Your new certificate
should be installed.
- When convenient, go into your MMC console (with Certificate
snap-in added) and delete the old certificate.