Generating a CSR and Install a Certificate in IIS 7

Read the full knowledgebase articles and know how to generate a CSR and install a Certificate in IIS 7.

To Generate a Certificate Signing Request (CSR) — Microsoft IIS 7

1. From Start, select Administrative Tools, and then select Internet Information Services (IIS) Manager (IIS must be installed through Server Manager - Install Roles and Features).
2. In the Connections panel on the left, click the server name for which you want to generate the CSR.
3. In the middle panel, double-click Server Certificates.
4. In the Actions panel on the right, click Create Certificate Request....
5. Enter the following Certificate Properties, and then click Next:

   NOTE: The following characters are not accepted when entering information: < > ~ ! @ # $ % ^ * / \ ( ) ? &

   • Common Name — The fully-qualified domain name (FQDN) — or URL — for which you plan to use your certificate (the area of your site you want customers to connect to using SSL).
     • An SSL certificate issued for www.domain.com is not valid for secure.domain.com. If you want your SSL to cover secure.domain.com, make sure the common name submitted in the CSR is secure.domain.com.
     • If you are requesting a wildcard certificate, add an asterisk (*) on the left side of the Common Name (e.g.,*.domain.com or *.secure.domain.com).
   • Organization — The name in which your business is legally registered. The organization must be the legal registrant of the domain name in the certificate request.

     NOTE: If you are enrolling as an individual, enter the certificate requester's name in the Organization field, and the acronym DBA in the Organizational Unit field (Doing Business As)

   • Organizational Unit — Use this field to differentiate between divisions within an organization (such as "Engineering" or "Human Resources").
   • City/Locality — The full name of the city in which your organization is registered/located. Do not abbreviate.
   • State/Province — The full name of state or province where your organization is located. Do not abbreviate.
   • Country — The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
6. For Cryptographic service provider, select Microsoft RSA SChannel Cryptographic Provider .
7. For Bit length, select 2048 or higher, and then click Next.
8. Click …, enter the location and file name for your CSR, and then click Finish.

Once you have been supplied with a certificate from your provider or from us, see: https://www.vpsblocks.com.au/support/Knowledgebase/Article/View/143/0/purchase-an-ssl-certificate

Then you need to install it.

Installing the certificate

Then, to install the primary SSL certificate, you must complete the pending request, and then bind the certificate to your website.

To Install an SSL Certificate in Microsoft IIS 7

1. Click Start, mouse-over Administrative Tools, and then click Internet Services Manager.
2. In the Internet Information Services (IIS) Manager window, select your server.
3. Scroll to the bottom, and then double-click Server Certificates.
4. From the Actions panel on the right, click Complete Certificate Request....
5. To locate your certificate file, click ....
6. In the Open window, select *.* as your file name extension, select your certificate (it might be saved as a .txt, .cer, or .crt), and then click Open.
7. In the Complete Certificate Request window, enter a Friendly name for the certificate file, and then click OK.

NOTE: For Wildcard SSL certificates make sure your Friendly Name to matches your Common Name (i.e. *.domain.com).

1. In the Internet Information Services (IIS) Manager window, select the name of the server where you installed the certificate.
2. Click + beside Sites, select the site to secure with the SSL certificate.
3. In the Actions panel on the right, click Bindings....
4. Click Add....
5. In the Add Site Binding window:
   • For Type, select https.
   • For IP address, select All Unassigned, or the IP address of the site.
   • For Port, type 443.
   • For SSL Certificate, select the SSL certificate you just installed, and then click OK.
6. Close the Site Bindings window.
7. Close the Internet Information Services (IIS) Manager window. Your SSL certificate installation is complete.

To Install an Intermediate Certificate in Microsoft IIS 7

1. Click Start, and then click Run....
2. Type mmc, and then click OK. The Microsoft Management Console (Console) window opens.
3. In the Console1 window, click the File menu, and then select Add/Remove Snap-in.
4. In the Add or Remove Snap-in window, select Certificates, and then click Add.
5. In the Certificates snap-in window, select Computer Account, and then click Next.
6. In the Select Computer window, select Local Computer, and then click Finish.
7. In the Add or Remove Snap-in window, click OK.
8. In the Console1 window, click + to expand the folder.
9. Right-click Intermediate Certification Authorities, mouse-over All Tasks, and then click Import.
10. In the Certificate Import Wizard window, click Next.
11. Click Browse to find the intermediate certificate file.
12. In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7bfile, and then click Open.
    

    NOTE: Do not install your Leaf Certificate in this area. Doing so removes your certificate from the list, and you must reinstall to correct the problem.

13. In the Certificate Import Wizard window, click Next.
14. Select Place all certificates in the following store, and then click Browse.
15. In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
16. In the Certificate Import Wizard window, click Next.
17. Click Finish.
18. Click OK.
19. Close the Console 1 window, and then click No to remove the console settings.