IIS 7 & IIS 7.5 – How to Create an SSL Certificate Request

IIS 7 & IIS 7.5 – Creating an SSL Certificate Request


Ace Fekay, MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services


Published 2/21/2012


.


Prelude:


The following is for a request to an online Enterprise CA in a domain scenario.


I put this together after I had to show someone how to create and submit a certificate request in IIS 7. There are mixed information out there on how to do this, but I haven’t found one with simple step by step screenshots in its entirety, so I thought to share this.


This is the same procedure for IIS 7.5.


For IIS 6, the steps are similar, only after you right click on the website properties:


  • Right click the website, choose properties
  • Click on the Directory Security tab
  • Click on Server Certificate button
  • Click Next
  • Then follow Step #3 below, and onwward.

.


I will later add a procedure to create a certificate request file for to send to a Standalone CA, such as a public CA. However, keep in mind, if you’re purchasing a certificate from a public entity, many public CAs provide step by steps with screenshots, and in some cases, such as Digicert (www.digicert.com), that actually help you create the file. I haven’t checked other CAs, but I’m sure they offer similar assistance.


As for an Exchange 2007 or 2010  UC/SAN cert, that is a different topic, and not related to IIS certificate requests. If you want to find out more about Exchange 2007 & 2010 certificates, see the following:


Exchange 2007 & Exchange 2010 UC/SAN Certificate
Published by acefekay on Aug 23, 2009 at 9:44 PM 4420 2
http://msmvps.com/blogs/acefekay/archive/2009/08/23/exchange-2007-uc-san-certificate.aspx


Exchange 2003 works with IIS 6, and the steps involved are not related to this, either.


.


Create and send a Cert Request to an Enterprise CA:


.


1. Open IIS


  • Click on the Servername in the upper left navigation pane.
  • In the results pane (the middle section), right-click on, Server Certificate, and choose Open Feature. Or you can simply double-click on it to open it.


.


.


2. In the Action Pane, choose Create Domain Certificate



.


.


3. Fill in the name of the website that you applications are connecting to it as



.


.


4. Click on Select and browse to the online Active Directory Enterprise CA in your infrastructure.



.


.


5. Click on the Default Website, then click on Edit Bindings



.


.


6. Click on https, then click on Edit



.


.


7. After clicking on Edit, in the Edit Site Binding windows, click on View



.


.


8. Choose the Common Name you created in the SSL cert dropdown box



.


.


9. Optionally you can choose to View the cert properties to ensure you chose the correct one



.


.


10. Open IE, connect to the website, then view the certificate



.


.


11. You can see the cert is the one we selected in the site’s SSL bindings



.


.


I hope you’ve found this helpful.


Comments, suggestions and corrections are welcomed.


Ace Fekay

Leave a Reply