IIS SSL Instructions

Generate a Certificate Signing Request(CSR) for an SSL Certificate from WEBYSSL.com

Microsoft IIS 5 and 6 - Internet Information Services 5 and 6

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to WEBYSSL.com in order to be generated into a SSL Security Certificate.

Note: If you are renewing your certificate or your site is currently running a web server certificate please refer to renewal section at the bottom of this document.

You must have at least Service Pack 1 installed

  1. Select the Internet Information Services console within the Administrative Tools menu.

  2. Select the computer and web site (host) that you wish to secure.
    Right mouse-click to select Properties.

    Select Properties for your desired website from the IIS console

  3. Select the Directory Security tab.

    Select Directory Security Tab

  4. Select Server Certificate under Secure Communications

  5. Click Next in the Welcome to the Web Server Certificate Wizard window.

    Click Next in the Welcome to the Web Server Certificate Wizard window

  6. Select Create a new certificate, Click Next.

    Select Create a new certificate, Click Next

  7. Select Prepare the request now, but send it later.

    Select Prepare the request now, but send it later

  8. At the Name and Security Settings screen, give your new certificate a name - this will help you identify this request if you work with multiple domain names on the same webserver. Select bit length. We recommend using 1024-bit length (note: To generate 128 bit encryption you will need to select a 1024 bit length). Click Next.

    At the Name and Security Settings screen, give your new certificate a name. Select bit length. We recommend using 1024-bit length. Click Next

  9. You will now be asked for details about your company and your website. When creating a CSR you must follow these conventions.
    The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?&.
    This includes commas.

  10. At the Organization Information, state your Company Name and Department.

    At the Organization Information, state your Company Name and Department

  1. At the Your Site's Common Name screen, enter the domain name (e.g. yourdomain.com) or fully qualified domain name (e.g. www.yourdomain.com). Whatever you enter here will be exactly what the certificate will be able to be used on.

    At the Your Site's Common Name screen, enter the domain name (e.g. yourdomain.com) or fully qualified domain name (e.g. www.yourdomain.com). Whatever you enter here will be exactly what the certificate will be able to be used on

  2. At the Geographical Information screen, enter your country, state and city.

    At the Geographical Information screen, enter your country, state and city

  3. You have now finished entering information. Your CSR will now be saved to a text file. Give your CSR a filename and select a location where you can easily find your CSR.



  4. Important: Now review what you have entered. If you notice a mistake, use the Back button to return to the relevant screen to make changes. Pay particular attention to the Issued To field.

    Now review what you have entered

  5. You have now generated your CSR! Click Finish to close the wizard.

    You have now generated your CSR! Click Finish to close the wizard

    IMPORTANT DO NOT REMOVE the pending request from your IIS or your issued certificate will not install. Attempting to create another CSR will automatically remove the pending request and this should be attempted until you have installed your issued certificate.
  1. Now go to www.WEBYSSL.com, select your certificate product and click the relevant Order Now button. Make sure that you have your CSR file handy - you will need this during the enrollment process.

Renewals or Sites currently running ssl

The renewal request option within IIS 5.0 does not create a request in a PKCS10 format. This may be corrected with a future Service Pack. IIS 5.0 does not allow your site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following. Please read and print these instructions before submitting your new certificate request.

  1. Leave your existing site that currently has the certificate installed alone.

  2. Create another virtual site within IIS (this does not have to be a functional site).

  3. Enter Properties for the newly created virtual site, then go to the Certificate Wizard to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace.

  4. Submit the new request through the following URL www.WEBYSSL.com

  5. Wait for the new certificate file to be emailed to you from sales@webyssl.com.

  6. Install this certificate into your new virtual site; follow the process the pending request by selecting the certificate file we sent you. Complete the installation of your new certificate into your virtual web site.

  7. Now delete the new virtual site!

  8. Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.

  9. Make sure you bind the web site to a unique IP address at https Port 443, then Stop and then Start your web site. Your new certificate should be installed.

  10. When convenient, go into your MMC console (with Certificate snap-in added) and delete the old certificate.