Microsoft IIS 5 and 6
(CSR
Generation Procedures) |
|
 |
 |
A CSR is a file
containing your IIS SSL certificate application information,
including your Public Key. Generate your CSR and then copy
and paste the CSR file into the webform during the order
process:
| HOST HEADERS: |
| The use of Host Headers is not supported
by EBIZID, Microsoft or any other SSL Provider. If you
choose to use host headers with SSL, you do so at your
own risk. EBIZID will not give refunds when host headers
are used. More information can be found on the use of host
headers at the Microsoft Website. (See link below) |
Microsoft
K-base "SSL Not Supported" Article
| DEDICATED IP ADDRESS: |
| Your Domain MUST have a dedicate IP address in order
to install an SSL Certificate on that domain, otherwise
it will not work. If you do not manage your own server,
please contact your hosting company and find out if you
have a dedicated IP for your domain. If you do not, they
can assign one to your domain. They are very inexpensive. |
| Backup the private key, as there is
no means to recover it should it be lost. The private key
is used as input in the command to generate a Certificate
Signing Request (CSR). EBIZID will reissue certificates
no more than 30 days from the time of purchase. If you
do not backup your key and your server fails or other problems
occur after the 30 days, you will then be required to purchase
a new certificate. An ounce of prevention is all that is
required to prevent this from happening. |
| Should you choose to enter and use a
Private Key password, you will need to make sure that you
save that password in a secure place. If you ever need
to reinstall your certificate for any reason, you will
be required to enter that password. If you forget the password
and it is past 30 days from your purchase date, then you
will be required to purchase a new certificate. An ounce
of prevention will prevent this from happening. |
Select Administrative Tools
Start Internet Services Manager
Open the properties window for the website the CSR is for.
You can do this by right clicking on the Default Website
and selecting Properties from the menu
Open Directory Security by right clicking on the Directory
Security tab
Click Server Certificate . The following Wizard will appear:
Click Create a new certificate
and click Next.
Select Prepare the request
and click Next.
Provide a name for the certificate, this needs to be easily
identifiable if you are working with multiple domains. This
is for your records only.
If your server is 40 bit enabled, you will generate a 512
bit key. If your server is 128 bit you can generate up
to 1024 bit keys. We recommend you stay with the default of
1024 bit key if the option is available. Click Next
Enter Organization and
Organization Unit , these are your company name and department
respectively. Click Next.
The
Common Name field should be the Fully Qualified Domain Name
(FQDN) or the web address for which you plan to use your
IIS SSL Certificate, e.g. the area of your site you wish
customers to connect to using SSL. For example, an EBIZID
SSL Certificate issued for ebizid.com will not be valid
for secure.ebizid.com . If the web address to be used
for SSL is secure.ebizid.com , ensure that the common
name submitted in the CSR is secure.ebizid.com . Click
Next.
| If you are ordering a Wildcard Certificate,
the Common Name field must be in the format of: *
. yourdomain . com (aterisk+period+yourdomain.com) |
Enter your country , state
and city . Click Next.
Enter a filename and location
to save your CSR. You will need this CSR to enroll for your
IIS SSL Certificate. Click Next.
Check
the details you have entered. If you have made a mistake
click Back and amend the details. Be especially sure to check
the domain name the Certificate is to be "Issued
To". Your IIS SSL Certificate will only work on this domain.
Click Next when you are happy the details are absolutely
correct.
When you make your application,
make sure you include the CSR in its entirety into the appropriate
section of the order form.
Click Next
Confirm your details in the enrollment form
Click Finish
-----BEGIN CERTIFICATE REQUEST-----
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAU
AMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0
EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UEC
xMlU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0wMTA4MDIwMDAwMDBaFw0
wMzA4MDIyMzU5NTlaMIGQMQswCQYDVQQGEwJVUz
ERMA8GA1UECBMIVmlyZ2luaWExETAPBgNVBAcUC
FJpY2htb25kMSAwHgYDVQQKFBdDYXZhbGllciBU
ZWxlcGhvYm9uZGluZy5jYXZ0ZWwuY29tMIGfMA0
GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8x/1dxo
2YnblilQLmpiEziOqb7ArVfI1ymXo/MKcbKjnY2
-----END CERTIFICATE REQUEST-----
When sending your CSR to EBIZID, you
MUST copy and paste the entire CSR Request, including the
beginning and ending lines as shown below.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Failure to do so will result in you having to resend your CSR in the correct
format to EBIZID which will cause a prolonged delay in processing your
order. |
Go to: Certificates snap in in the MMC
Select Requests
Select All tasks
Select Export
| Backup the private key, as there is
no means to recover it should it be lost. The private key
is used as input in the command to generate a Certificate
Signing Request (CSR). EBIZID will reissue certificates
no more than 30 days from the time of purchase. If you
do not backup your key and your server fails or other problems
occur after the 30 days, you will then be required to purchase
a new certificate. An ounce of prevention is all that is
required to prevent this from happening. |
| Should you choose to enter and use a
Private Key password, you will need to make sure that you
save that password in a secure place. If you ever need
to reinstall your certificate for any reason, you will
be required to enter that password. If you forget the password
and it is past 30 days from your purchase date, then you
will be required to purchase a new certificate. An ounce
of prevention will prevent this from happening. |
|
