CSR Support

Microsoft Internet Information Server 5.0/6.0

Note: If you are renewing your certificate or your site is currently running a web server certificate please refer to renewal section of this document

Creating a Certificate Signing Request

1. Select the Internet Information Services console within the Administrative Tools menu.

2. Select the computer and web site (host) that you wish to secure.

Right mouse-click to select Properties.

3. Select the Directory Security tab.

4. Select Server Certificate under Secure Communications

5. Click Next in the Welcome to the Web Server Certificate Wizard window.

6. Select Create a new certificate, Click Next.

7. Select Prepare the request now, but send it later.

8. At the Name and Security Settings screen, fill in the [friendly] name field for the new certificate. Select bit length. We recommend using 1024-bit length. Click Next.

9. When creating a CSR you must follow these conventions.

Enter your Distinguished Name Field information.

The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?&.

This includes commas.  

Distinguished Name Field

Explanation

Example

Common Name (Server Host Name)

The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match.

If you intend to secure the URL https://secure.yourURL.com, then your CSR's Server Hostname must be secure.yourURL.com

Organization Name

The exact legal name of your organization. Do not abbreviate

IPS S.L.

Organizational Unit

Optional for additional organization information

Marketing

City or Locality

The city where your organization is located.

Atlanta

State or Province Name

The state or province where your organization is located. Can not be abbreviated.

Georgia

Country Name

The two-letter ISO abbreviation for your country

US = United States

10. Enter your Administrator contact information.

11. Enter a path and file name for the CSR.

12. Verify your request and then click Next.

13. At the Completing the Web Server screen, select Finish.

DO NOT REMOVE the pending request or the .crt file will not match and your certificate will not install.

14. Select Finish.

Submit your CSR to IPSCA.

Renewals or Sites currently running ssl

The renewal request option within IIS 5.0 does not create a request in a PKCS10 format. This should be corrected with SP2. IIS 5.0 does not allow your site that is currently running ssl to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a ssl session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following. Please read and print these instructions before submitting your new certificate request.

1. Leave your existing site that currently has the certificate installed alone.
2. Create another virtual site within IIS (this does not have to be a functional site).
3. Create a certificate request within the newly created virtual site.
4. Submit the new request through the following URL http://certificados.ipsca.com/SrvC/Default.htm.
5. Wait for the .crt response file to be emailed to you from servidores@ipsca.com.
6. After you receive the response file (.crt) you will need go to the new virtual site and process the pending request by selecting the .crt file we sent you.
7. After combining your .crt file to the pending request you may then go to the original web site and remove the current certificate.
8. You can then assign an existing certificate, which will be the new certificate. 

 CSR installation