Request an Internet Server Certificate (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Request an Internet server certificate when you must prove the identity of your Web server to clients who request content that resides on the server. Internet server certificates are issued by public certification authorities (CA).

Prerequisites

For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Server Certificates Feature Requirements (IIS 7).

Exceptions to Feature Requirements

  • None

To request an Internet server certificate

You can perform this procedure by using the user interface (UI).

User Interface

To use the UI
  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

  2. In Features View, double-click Server Certificates.

  3. In the Actions pane, click Create Certificate Request.

  4. On the Distinguished Name Properties page of the Request Certificate Wizard, type the following information, and then click Next.

    • In the Common name text box, type a name for the certificate.

    • In the Organization text box, type the name of the organization in which the certificate will be used.

    • In the Organizational unit text box, type the name of the organizational unit in the organization in which the certificate will be used.

    • In the City/locality text box, type the unabbreviated name of the city or locality where your organization or organizational unit is located.

    • In the State/province text box, type the unabbreviated name of the state or province where your organization or organizational unit is located.

    • In the Country/region text box, type the name of the country or region where your organization or organizational unit is located.

  5. On the Cryptographic Service Provider Properties page, select either Microsoft RSA SChannel Cryptographic Provider or Microsoft DH SChannel Cryptographic Provider from the Cryptographic service provider drop-down list. By default, IIS 7 uses the Microsoft RSA SChannel Cryptographic Provider.

  6. In the Bit length drop-down list, select a bit length that can be used by the provider. By default, the RSA SChannel provider uses a bit length of 1024. The DH SChannel provider uses a bit length of 512. A longer bit length is more secure, but it can affect performance.

  7. Click Next.

  8. On the File Name page, type a file name in the Specify a file name for the certificate request text box, or click the browse button to locate a file, and then click Finish.

  9. Send the certificate request to a public CA.
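
Before the request is sent in step 9, the file from step 8 can be decoded and checked against the values typed into the wizard. The PowerShell function below is an added example, not part of the original page; it uses the Windows X509Enrollment COM interface, and the function name, the 2048-bit minimum, and the path and host name in the sample call are assumptions made for the example.

```powershell
# Added example: decode the PKCS #10 request file written by the wizard and
# check its subject and key length before it is submitted to a public CA.
function Test-ServerCertificateRequest {
    param(
        [Parameter(Mandatory = $true)][string]$Path,              # file from the File Name page
        [Parameter(Mandatory = $true)][string]$ExpectedHostName,  # name clients use to reach the site
        [int]$MinimumKeyBits = 2048                               # assumed policy value, not from the page
    )

    # The request file is base64 text; read it as a single string.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $encoded  = [System.IO.File]::ReadAllText($fullPath)

    # 0x6 = XCN_CRYPT_STRING_BASE64_ANY (base64 with or without BEGIN/END lines).
    $request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    $request.InitializeDecode($encoded, 0x6)

    $subject = $request.Subject.Name        # for example "CN=..., OU=..., O=..."
    $keyBits = $request.PublicKey.Length    # public key length in bits

    # Simple CN extraction; assumes the common name itself contains no comma.
    $commonName = $null
    if ($subject -match '(?:^|,\s*)CN=([^,]+)') { $commonName = $Matches[1].Trim() }

    $problems = @()
    if (-not $commonName) {
        $problems += 'Subject has no common name.'
    } elseif ($commonName -ne $ExpectedHostName) {   # -ne ignores case, as host names do
        $problems += "Common name '$commonName' does not match '$ExpectedHostName'."
    }
    if ($keyBits -lt $MinimumKeyBits) {
        $problems += "Key length $keyBits is below the required $MinimumKeyBits bits."
    }

    New-Object PSObject -Property @{
        Subject    = $subject
        CommonName = $commonName
        KeyBits    = $keyBits
        Problems   = $problems
        Passed     = ($problems.Count -eq 0)
    }
}

# Sample call; the path and host name are placeholders.
# Test-ServerCertificateRequest -Path 'C:\certreq.txt' -ExpectedHostName 'www.example.com'
```

A request created with the wizard's default 1024-bit RSA setting is reported as a problem under the 2048-bit minimum assumed here.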

Command Line

None

Configuration

None

WMI

Use the following WMI classes, methods, or properties to perform this procedure:

  • None

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.



Community Content

Jeff McVey
Actual Request
How do you physically complete the request? Do you print out the certificate request, then put it in "snail mail" to the CA? Or do you send it over the Internet to their website?

BrianG07
Notes
Also it should be noted that this process does not give you a certificate key to use elsewhere and you can't create a certificate using a password if you should require that elsewhere.

BrianG07
Incomplete Procedure
Step 9. should clearly state that the "certificate request" is either the file you just created or the contents of the file just created, depending on what the public CA requires to complete the certificate request after purchasing a certificate.

Also, what do you do after you download the certificate file and intermediary certificate(s) (i.e. bundle) from the public CA? In the "Actions" pane mentioned in the procedure, click "Complete Certificate Request..." > for "File name containing..." box click the "..." button > locate the certificate file from the public CA (or chain certificate file if you know how to create one), which can end in a different extension than "*.cer" (to the right of the "File name:" box click on the drop-down box arrow and select "*.*") > Open > "Friendly name:" should be the certificate's common name (i.e. "hostname.domain.com") or something similar (i.e. "hostname.domain.com.YEAR.crt") > Finish.

oliverbock
Common name
Shouldn't the common name match the domain name you want a certificate for? Might be worth mentioning.
