Microsoft IIS 4.x CSR Generation Instructions

Microsoft IIS 4.x
(CSR Generation Procedures)

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform during the order process:

HOST HEADERS:

The use of Host Headers is not supported by EBIZID, Microsoft or any other SSL Provider. If you choose to use host headers with SSL, you do so at your own risk. EBIZID will not give refunds when host headers are used. More information can be found on the use of host headers at the Microsoft Website. (See link below)

Microsoft K-base "SSL Not Supported" Article

DEDICATED IP ADDRESS:

Your Domain MUST have a dedicate IP address in order to install an SSL Certificate on that domain, otherwise it will not work. If you do not manage your own server, please contact your hosting company and find out if you have a dedicated IP for your domain. If you do not, they can assign one to your domain. They are very inexpensive.

Backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR). EBIZID will reissue certificates no more than 30 days from the time of purchase. If you do not backup your key and your server fails or other problems occur after the 30 days, you will then be required to purchase a new certificate. An ounce of prevention is all that is required to prevent this from happening.

Should you choose to enter and use a Private Key password, you will need to make sure that you save that password in a secure place. If you ever need to reinstall your certificate for any reason, you will be required to enter that password. If you forget the password and it is past 30 days from your purchase date, then you will be required to purchase a new certificate. An ounce of prevention will prevent this from happening.

Generate keys and IIS SSL certificate:

1. Open the Microsoft Management Console (MMC) for IIS (available in the Windows NT 4.0 Option Pack > Microsoft Internet Information Server > Internet Service Manager.

2. In the MMC, Expand the Internet Information Server folder and expand the computer name

3. Open the properties window for the website the CSR is for. You can do this by right clicking on the website

4. Open Directory Security Folder

5. In the Secure Communications area of this Property Sheet, select the Key Manager button and select "Create New Key..."

6. Choose "Put the request in a file that you will send to an authority." Select an appropriate filename (or accept the default).

7. Fill in the appropriate details:

8. Fill in all the fields, do not use the following characters:
! @ # $ % ^ ( ) ~ ? > < & / \

If your server is 40 bit enabled, you will generate a 512 bit key
If your server is 128 bit you can generate up to 1024 bit keys

If you are ordering a Wildcard Certificate, the Common Name field must be in the format of: * . yourdomain . com

9. Click Next until you reach the finish page.

10. Click Finish

11. Key Manager will display a key icon under the WWW icon. The key will have an orange slash through it indicating it is not complete. Choose the "Computers" menu and select Exit. Select YES when asked to commit changes

12. When you make your application, make sure you include this file (this is your CSR) in its entirety into the appropriate section of the order form.

When sending your CSR to EBIZID, you MUST copy and paste the entire CSR Request, including the beginning and ending lines as shown below.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Failure to do so will result in you having to resend your CSR in the correct format to EBIZID which will cause a prolonged delay in processing your order.

13. Click Next

14. Confirm your details in the enrollment form

15. Click Finish

What your CSR will look like when your finished.