Text Box:

Home About NHS SSL Apply for cert Information Terms Help

Certificate Signing Request (CSR) Generation - Microsoft IIS 5.x / 6.x

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrolment process:

Generate keys and Certificate Signing Request:

  • Select Administrative Tools
  • Start Internet Services Manager

IIS SSL server certificate - internet services manager

  • Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties from the menu
  • Open Directory Security by right clicking on the Directory Security tab

IIS SSL server certificate - directory security

  • Click Server Certificate. The following Wizard will appear:

IIS SSL server certificate - IIS Certificate wizard

  • Click Create a new certificate and click Next.

IIS SSL server certificate - immediate request

  • Select Prepare the request and click Next.

IIS SSL server certificate - security settings

  • Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records only.
  • If your server is only 40 bit enabled, you will only generate a 512 bit key and should upgrade with a high encryption pack from Microsoft before continuing.
    If your server is 128 bit enabled you can generate up to 1024 bit keys.  We recommend you stay with the default of 1024 bit key if the option is available.
    Click Next

IIS SSL server certificate - organization

  • Enter Organisation and Organisation Unit, these are your company name and department respectively. Click Next.

IIS SSL server certificate - domain name

  • The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an Instant SSL Certificate issued for trustis.com will not be valid for www.trustis.com. If the web address to be used for SSL is www.trustis.com, ensure that the common name submitted in the CSR is www.trustis.com. Click Next.

IIS SSL server certificate - region

  • Enter your country, state and city. Click Next.

IIS SSL server certificate - file name

  • Enter a filename and location to save your CSR. You will need this CSR to enrol for your IIS SSL Certificate. Click Next.

IIS SSL server certificate - file summary

  • Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
  • When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrolment form - including
     -----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----
  • Click Next
  • Confirm your details in the enrolment form
  • Finish

All Third Party Trademark Rights Acknowledged.

This document is licensed for use only in conjunction with the use of Trustis Limited Trust Services.

Copyright © Trustis Limited 2006, All rights reserved. Trustis FPS Healthcare is not responsible for the content of external websites.