Wednesday, August 18, 2021
CREATE CSR AND COMPLETE SSL TLS CERTIFICATE REQUEST RESPONSE IN IIS
Hi Everyone, Welcome to another exciting article by PKI404. Please follow the below steps thoroughly to Create CSR in IIS and complete the request response from CA.
CREATE CSR AND COMPLETE SSL TLS CERTIFICATE REQUEST RESPONSE IN IIS
1. Open Internet Information Services (IIS) Manager
Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager.
OR
Open Run - type - inetmgr
2. Select the server where you want to generate the certificate
In the left Connections menu, select the server name (host) where you want to generate the request.
3. Navigate to Server Certificates
In the center menu, click the Server Certificates icon under the Security section near the bottom.
4. Select Create a New Certificate
In the right Actions menu, click Create Certificate Request.
5. Enter your CSR details
In the Distinguished Name Properties window, enter in the required CSR details and then click Next.
Note: To avoid common mistakes when filling out your CSR details, for wildcard use *.domain.com
6. Select a cryptographic service provider and bit length
In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next.
Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility.
7. Save the CSR
Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish.
8. Generate the Order
Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including:
-----BEGIN CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----
Submit the CSR to Certificate Authority once you receive the SSL certificate follow the below steps.
Install Your SSL Certificate
1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from your CA.
2. Open Internet Information Services (IIS) Manager (click Start > Administrative Tools > Internet Information Services (IIS) Manager).
3. In the Connections pane, locate and click the server.
4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
5. In the Actions menu (right pane), click Complete Certificate Request.
6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:
CA's response file:
Click the … button to locate the .cer file you received from CA
(e.g., your_domain_com.cer).
Friendly name:
Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.
Note: We recommend that you add the issuing CA (e.g., Globalsign) and the expiration date to the end of your friendly name; for example, yoursite-globalsign-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
7. Click OK to install the certificate.
No comments :
Post a Comment