IIS 7: Generate CSRs (Certificate Signing Requests)
Before you can request a certificate through our online application, you need to use the IIS Manager to generate a Certificate Signing Request (CSR) for your website.
Note: You must have at least Service Pack 1 installed before generating a CSR.
- From Start, select Administrative Tools, and then select Internet Information Services (IIS) Manager.
- In the Connections panel on the left, select the server name for which you want to generate the CSR.
- In the middle panel, double-click Server Certificates.
- In the Actions panel on the right, select Create Certificate Request....
- Enter the following Distinguished Name Properties, and then select Next:
 Note: The following characters are not accepted when entering information: < > ~ ! @ # $ % ^ * / \ ( ) ? &- Common Name — The fully-qualified domain name (FQDN) — or URL — for which you plan to use your certificate (the area of your site you want customers to connect to using SSL).
     - An SSL certificate issued for www.coolexample.com is not valid for secure.coolexample.com. If you want your SSL to cover secure.coolexample.com, make sure the common name submitted in the CSR is secure.coolexample.com.
- If you are requesting a wildcard certificate, add an asterisk (*) on the left side of the Common Name (e.g., *.coolexample.com or *.secure.coolexample.com).
 
- Organization — The name in which your business is legally registered. The organization must be the legal registrant of the domain name in the certificate request.
Note: If you are enrolling as an individual, enter the certificate requester's name in the Organization field, and the Doing Business As (DBA) name in the Organizational Unit field. 
- Organizational Unit — Use this field to differentiate between divisions within an organization (such as "Engineering" or "Human Resources"). It is not necessary to specify an organizational unit when generating a CSR.
- City/Locality — The full name of the city in which your organization is registered/located. Do not abbreviate.
- State/Province — The full name of state or province where your organization is located. Do not abbreviate.
- Country — The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
 
- Common Name — The fully-qualified domain name (FQDN) — or URL — for which you plan to use your certificate (the area of your site you want customers to connect to using SSL).
     
- For Cryptographic service provider, select Microsoft RSA SChannel Cryptographic Provider.
- For Bit length, select 2048 or higher, and then select Next.
- Select …, enter the location and file name for your CSR, and then select Finish.
Next steps
Now that you've generated the CSR, you must enter it in your account with us to request the SSL certificate. Then, complete the process by downloading and installing the certificate.
- Locate, copy, and paste the CSR into our online application to request the SSL certificate.
  
Note: To get a copy, right-click the .req file, select Open With, and then select a text editor like Notepad.
 Paste all of the text, including ----BEGIN NEW CERTIFICATE REQUEST---- and ----END CERTIFICATE REQUEST----, in our online application.
- Once we approve your application, download the primary and intermediate certificate.
- Install the certificate by completing the pending request, importing the certificate file, and selecting the services to which the certificate applies.
Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.
