Generating a Certificate Signing Request (CSR) using Microsoft IIS 4.x

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:

Generate keys and IIS SSL certificate:

1. Open the Microsoft Management Console (MMC) for IIS (available in the Windows NT 4.0 Option Pack > Microsoft Internet Information Server > Internet Service Manager.
2. In the MMC, Expand the Internet Information Server folder and expand the computer name
3. Open the properties window for the website the CSR is for. You can do this by right clicking on the website
4. Open Directory Security Folder
5. In the Secure Communications area of this Property Sheet, select the Key Manager button and select “Create New Key…”
6. Choose “Put the request in a file that you will send to an authority.” Select an appropriate filename (or accept the default).
7. Fill in the appropriate details:
8. Fill in all the fields, do not use the following characters:
9. ! @ # $ % ^ * ( ) ~ ? > < & / \
10. note: If your server is 40 bit enabled, you will generate a 512 bit key
11. If your server is 128 bit you can generate up to 1024 bit keys
12. Click Next until you finish
13. Click Finish
14. Key Manager will display a key icon under the WWW icon. The key will have an orange slash through it indicating it is not complete. Choose the “Computers” menu and select Exit. Select YES when asked to commit changes
15. When you make your application, make sure you include this file (this is your CSR) in its entirety into the appropriate section of the enrollment form – including
16. —–BEGIN CERTIFICATE REQUEST—–to—–END CERTIFICATE REQUEST—–
17. Click Next
18. Confirm your details in the enrollment form
19. Finish

We recommend that you make a note of your password and backup your key as these are known only to you, so if you lose them we can’t help! A floppy diskette or other removable media is recommended for your backup files.