To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. You will have to request a new SSL Certificate and may be charged.
Generate a Private Key Pair
1. Under Administrative Tools, open Internet Services Manager.
2. Open the Properties window by right-clicking on the name of the Web site you wish to secure.
3. Click the Directory Security tab.
4. Click Server Certificate in the Secure communications section. If you have not used this option before the Edit button will not be active.
5. Select Create a new certificate
NOTE: If you are renewing your SSL certificate, select the option to Renew the current certificate. This will generate a CSR based on the information of the certificate currently installed on the server.
6. Select Prepare the request now, but send it later. VeriSign only accepts CSR’s through the enrollment process forms. We do not accept CSR's via email.
NOTE: Please select 1024 as the bit length
7. Complete the information requested by the IIS Certificate Wizard to create a private key that is stored locally on your server and a Certificate Signing Request that you will use during the enrollment process.
The Wizard will prompt for the following X.509 attributes of the certificate:
Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XYZ Corporation
Organizational Unit (OU): This field is the name of the department or organization unit making the request.
Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
VeriSign certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".
8. Click Finish to exit the IIS Certificate Wizard. A CSR file has been generated.
NOTE: Upon completing the Certificate Wizard, it is important to leave the request pending for successful certificate installation. Choosing the option to delete the pending request from the Certificate Wizard will prevent installation of the certificate that is returned.
9. Go to Enrollment.
10. To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
Contact Information
During the verification process, VeriSign may need to contact your organization. Be sure to provide an email address, phone number, and fax number that will be checked and responded to quickly. These fields are not part of the certificate.