What is a CSR?

Microsoft IIS Key and CSR Generation Instructions:


Microsoft IIS 5

An Important Note Before You Start:

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use your SSL certificate and will need to request a free reissue. To ensure this never happens, we advise you to make a backup of your private key and make note of the password used to protect the export of the private key.


1. Start the Key/CSR Generation Process:

Under Administrative Tools, open the Internet Services Manager. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on a particular website will open up its properties.



2. Click the Directory Security tab

Click the Directory Security tab and then click on the "Server Certificate" button in the Secure communications section. This will start the Web Site Certificate Wizard.



3. Select "Create a new certificate"

From the Web Site Certificate Wizard, select the "Create a new Certificate" option.



4. Prepare the request

Select the "Prepare the request now, but send it later" option from the list. You will need to prepare the request now but will only submit the request (CSR) via our online request forms.



5. Enter a certificate name and the certificate strength

At this point you will decide what encryption strength your Private Key and CSR will be set at. It is advised to choose a 1024-bit key size. Please note that you can choose a larger key size, although some browsers may have difficulty making a session with a bigger key size. The Server Gated Cryptography (SGC) option defaults the key length to 1024. Choosing this option does not, by itself, mean that you will be issued an SGC SuperCert. If you do want an SGC SuperCert, you will need to submit the CSR for an SGC SuperCert in the certificate enrollment process.



You have now created a public/private key pair. The private key is stored locally on your machine in the MMC, and is used for decryption. The public portion is sent to the company issuing the certificate in the form of a Certificate Signing Request (CSR), and will be used by your users to encrypt the data they send to your site.


You will now create a Certificate Signing Request (CSR). This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.


6. Enter your Organization Information

You should enter the company name as it appears on your official company registration documents. The organization unit is optional, but IIS 5.0 makes this field compulsory, so please specify an organization unit.



7. Enter your common name

The term "common name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter the exact host and domain name that you wish to secure. Example: If you wish to secure www.example.com, then you will need to enter the exact host (www) and domain name (example.com) in this field. If you enter example.com, then the certificate issued to you will only work error-free on https://example.com. It will cause a certificate mismatch error when you or your users access the domain via https://www.example.com.



8. Enter the geographical details of your Organization

Enter your country, state or province and locality or city.



9. Choose a filename to save the request to

Enter the file name for the certificate request (CSR) and the location where you would like to save the file (we recommend you click the "Browse" button and select a location to save the CSR file to). Then click "Next".



10. Confirm your request details

The next page will display the summary of the certificate request.



11. Finish and exit the IIS Certificate Wizard

Click on 'Finish' to complete the "Web Server Certificate wizard".



Microsoft IIS 6

An Important Note Before You Start:

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use your SSL certificate and will need to request a free reissue. To ensure this never happens, we advise you to make a backup of your private key and make note of the password used to protect the export of the private key.


1. Start the Key/CSR Generation Process:

Under Administrative Tools, open the Internet Services Manager. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.



2. Click the Directory Security tab

Click the Directory Security tab and then click on the "Server Certificate" button in the Secure communications section. This will start the Web Site Certificate Wizard.



3. Select "Create a new certificate"

From the Web Site Certificate Wizard, select the "Create a new Certificate" option.


4. Prepare the request

Select the "Prepare the request now, but send it later" option from the list. You will need to prepare the request now but will only submit the request (CSR) via our online request forms.



5. Enter a certificate name and the certificate strength

At this point you will decide what encryption strength your Private Key and CSR will be set at. It is advised to choose a 1024-bit key size. Please note that you can choose a larger key size although some browsers may have difficulty making a session with a bigger key size. Do not check the option ‘Select cryptographic service provider (CSP) for this certificate’.




You have now created a public/private key pair. The private key is stored locally on your machine in the MMC, and is used for decryption. The public portion is sent to the company issuing the certificate in the form of a Certificate Signing Request (CSR), and will be used by your users to encrypt the data they send to your site.

You will now create a Certificate Signing Request (CSR). This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.



6. Enter your Organization Information

You should enter the company name as it appears on your official company registration documents. The organization unit is optional, but IIS 6.0 makes this field compulsory, so please specify an organization unit.



7. Enter your common name

The term "common name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter the exact host and domain name that you wish to secure. Example: If you wish to secure www.example.com, then you will need to enter the exact host (www) and domain name (example.com) in this field. If you enter example.com, then the certificate issued to you will only work error-free on https://example.com. It will cause a certificate mismatch error when you or your users access the domain via https://www.example.com.



8. Enter the geographical details of your Organization

Enter your country, state or province and locality or city.



9. Choose a filename to save the request to

Enter the file name for the certificate request (CSR) and the location where you would like to save the file (we recommend you click the "Browse" button and select a location to save the CSR file to). Then click "Next".



10. Confirm your request details

The next page will display the summary of the certificate request.



11. Finish and exit the IIS Certificate Wizard

Click on 'Finish' to complete the "Web Server Certificate wizard".



12. Back up your private key

If you create a new CSR or a new key for the same web site, you will overwrite the ones you used to request your certificate. If that happens, you cannot use the certificate you were issued and will need to request a reissue. Please ensure you have a backup of your private key in case it is lost or overwritten.


Microsoft IIS 7

1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager

2. In the IIS Manager, choose your server name.

3. In the Features pane (the middle pane), double-click the Server Certificates option located under the Security heading.


4. You will notice two default certificates already installed on this server.

To begin the process of requesting a new certificate, from the Actions pane, choose the Create Certificate Request option.



5. The first screen of the wizard asks for details regarding the new site.

The common name should match the fully-qualified domain name for the site. Otherwise, provide information about your site, making sure to spell out the name of your state and locality.



6. Click Next to continue.

7. The next screen of the wizard asks you to choose cryptography options.

The default, Microsoft RSA SChannel Cryptographic Provider, is fine. A key length of 1,024 bits is the default option and is fine as well.



8. Click Next to continue.

9. Finally, provide a filename to which to save the certificate request.

You will need the contents of this file in the next step, so make sure you know where to find it.



These directions are provided courtesy of Verisign.
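
The common-name rule from step 7 of the IIS 5 and IIS 6 directions and step 5 of the IIS 7 directions, written out as a check you can run on the wizard values before submitting the CSR. This is an added example, not part of the original directions or of any vendor tool. The function names, the sample values, the single-label wildcard handling (which goes beyond the page) and the 2048-bit floor (the CA/Browser Forum minimum for RSA keys, not the page's figure) are assumptions of this example.

```python
# Added example: all values below are constructed, not taken from the page.
MIN_RSA_BITS = 2048  # assumption: CA/Browser Forum floor, not the page's figure


def normalize(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().lower().rstrip(".")


def name_matches(common_name, host):
    """True if a certificate issued for common_name covers host.

    Exact, case-insensitive match. A leading "*." label matches exactly
    one label, so *.example.com covers www.example.com but neither
    example.com nor a.b.example.com.
    """
    cn, host = normalize(common_name), normalize(host)
    if cn == host:
        return True
    if cn.startswith("*."):
        cn_labels, host_labels = cn.split("."), host.split(".")
        return (len(cn_labels) == len(host_labels)
                and cn_labels[1:] == host_labels[1:]
                and host_labels[0] != "")
    return False


def review_request(common_name, key_bits, served_hosts):
    """Return a list of problems with the wizard values, empty if none."""
    problems = []
    cn = common_name.strip()
    # The field takes a host name only: no scheme, port, path or spaces.
    if "://" in cn or "/" in cn or ":" in cn or " " in cn:
        problems.append("common name must be a bare host name: %r" % cn)
    # Every name users will type must be covered, or they see a mismatch.
    for host in served_hosts:
        if not name_matches(cn, host):
            problems.append("mismatch: %s is not covered by %s" % (host, cn))
    if key_bits < MIN_RSA_BITS:
        problems.append("key size %d is below %d bits" % (key_bits, MIN_RSA_BITS))
    return problems


if __name__ == "__main__":
    for line in review_request("example.com", 1024,
                               ["example.com", "www.example.com"]):
        print(line)
```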