how to create CSR and intall SSL certificate in IIS

How to create CSR and Install SSL Certificate in IIS

CSR: A CSR or the Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.

SSL:  SSL (Secure Socket Layer) creates an encrypted connection between your web server and your visitors’ web browser, allowing for private information to be transmitted without the problems of eavesdropping, data tampering, and message forgery.

IIS: Internet Information Services (IIS) are a flexible, general-purpose web server from Microsoft that runs on Windows systems to serve requests HTML pages or files.

Create Your CSR in IIS

  • From the Windows Start menu, find Internet Information Services (IIS) Manager and open it (click Administrative Tools > Internet Information Services (IIS) Manager).
  • In the Connections pane, locate and click the server.
  • On the server Home page (center pane) under the IIS section, double-click Server Certificates.
  • In the Actions menu (right panel), click Create Certificate Request.
  • In the Request Certificate wizard, on the Distinguished Name Properties page, provide the information specified below and then click Next.
Common name:The fully-qualified domain name (FQDN) (e.g., www.example.com)
Organization:Your company’s legally registered name (e.g., YourCompany, Inc.).
Organizational unit:The name of your department within the organization. This entry will usually be listed as “IT”, “Web Security”, or is simply left blank.
City/locality:The city where your company is legally located.
State/province:The state/province where your company is legally located.
Country/region:The country/region where your company is legally located. Use the drop-down list to select your country
  • On the Cryptographic Service Provider Properties page, provide the information specified below and then click Next.
Cryptographic service provider:In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider).
Bit length:In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length).
  • On the File Name page, under Specify a file name for the certificate request, click the  button to specify a save location for your CSR.
  • Note: Remember the file name and save location of your CSR file. If you enter a filename without specifying a location, your CSR will be saved to C:\Windows\System32.
  • When you are done, click Finish
  • Open the CSR file using a text editor (such as Notepad), then copy the text (including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags) and paste it into the DigiCert order form.

How to install your SSL certificate and configure the server to use it

  • On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from DigiCert.
  • Open Internet Information Services (IIS) Manager (click Start > Administrative Tools > Internet Information Services (IIS) Manager).
  • In the Connections pane, locate and click the server.
  • On the server Home page (center pane) under the IIS section, double-click Server Certificates.
  • In the Actions menu (right panel), click Complete Certificate Request.
  • In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:
The filename containing the certificate authority’s response:Click the  … button to locate the .cer file you received from DigiCert
(E.g., your_domain_com.cer).
Friendly name:Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.

Note: We recommend that you add the issuing CA (e.g., DigiCert) and the expiration date to the end of your friendly name; for example, your site-DigiCert-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name
  • Click OK to install the certificate.
  • Now that you’ve successfully installed your SSL certificate, you need to configure your site to use it.

Assign Your SSL Certificate

  • In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
  • In the Actions menu (right panel), click Bindings.
  • In the Site Bindings window, click Add.
  • In the Add Site Binding window, do the following and then click OK.
Type:In the drop-down list, select https.
IP address:In the drop-down list, select the IP address of the site or select All Unassigned.
Port:Type 443. (SSL uses port 443 to secure traffic.)
SSL certificate:In the drop-down list, select your new SSL certificate (e.g., yourdomain.com).
  • Your SSL certificate is now installed, and the website is configured to accept secure connections.

Krishnapriya Neema

Krishnapriya is a Server Engineer at RackBank Datacenters Pvt. Ltd.

why access control list required in network security

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2013-2021 RackBank© Datacenters Pvt. Ltd.


Data Center in India

Rated 4.7/5 based on 31 reviews at Google+