Customer Support

  1. Support
  2. Installation
  3. Instructions for creating a CSR on an IIS server
  1. Home
  2. SSL
  3. Instructions for creating a CSR on an IIS server

Instructions for creating a CSR on an IIS server

To generate a CSR on IIS server, quickly without using Windows GUI, follow the steps below:

1. Open a Text Editor/Notepad and paste the following content:

;--- request.inf ---
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=www.top.host, OU=Top.Host, O=Top.Host, L=Heraklion, S=Crete, C=GR, E=support@top.host"
; Key Exchange - for encryption
KeySpec = 1
; 2048 bits minimum, 3072 or 4096 are valid too
KeyLength = 4096
; Needed if you need to export the certificate to another server
Exportable = TRUE
; Indicates a server certificate, not a user certificate
MachineKeySet = TRUE
SMIME = False
UserProtected = FALSE
; Generate a new private key
UseExistingKeySet = FALSE
; RSA key
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
HashAlgorithm = SHA256
ProviderType = 12
; Standard of CSR's
RequestType = PKCS10
; Digital signatures and encryption
KeyUsage = 0xa0
Silent = True
FriendlyName = "Certificate SHA-256"
[EnhancedKeyUsageExtension]
; Server authentication
OID=1.3.6.1.5.5.7.3.1
;------------------------------

Edit the CSR details above, stating your own details that you want the certificate to be issued to have.

Specifically, based on our example:

Subject = "CN=www.top.host, OU=Top.Host, O=Top.Host, L=Heraklion, S=Crete, C=GR, E=support@top.host"

CN (Common Name) : Replace www.top.host with with the hostname you want the certificate to be issued to
For wildcard SSL certificate, this should be : *.top.host

- OU (Organizational Unit) :Replace Organizational Unit with the name of the department or remove OU=Organizational_Unit entirely

- Ο (Organization) : Replace Organization with the name of the organization

- L (Locality) : Replace City with your city name

- S  (State or Province) : Replace State with province

- C (Country) : Replace Country with the 2 letters of the ISO code corresponding to your country

- E (Email Address) : Replace the email with a working email

2. Save the file with the name request.inf, in the field Save as Type select All files(*.*), in the path C:

The request.inf file will have the following format.

3. Open a Command Prompt window by typing "cmd" in the taskbar search field and then Enter.

4. To generate CSR, in the window that will open, run the following commands:

cd C:

certreq -new request.inf request.csr

5. In the C: folder, the CSR named request.csr will be created, whose content will have the following format.

6. Open the generated .csr file and copy its contents, including the lines BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.


You haven't found what you are looking for?

Contact our experts, they will be happy to help!

Contact us