IIS 7 & IIS 7.5 – How to Create an SSL Certificate Request

IIS 7 & IIS 7.5 – Creating an SSL Certificate Request

Ace Fekay, MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services

Published 2/21/2012

.

Prelude:

The following is for a request to an online Enterprise CA in a domain scenario.

I put this together after I had to show someone how to create and submit a certificate request in IIS 7. There are mixed information out there on how to do this, but I haven’t found one with simple step by step screenshots in its entirety, so I thought to share this.

This is the same procedure for IIS 7.5.

For IIS 6, the steps are similar, only after you right click on the website properties:

  • Right click the website, choose properties
  • Click on the Directory Security tab
  • Click on Server Certificate button
  • Click Next
  • Then follow Step #3 below, and onwward.

.

I will later add a procedure to create a certificate request file for to send to a Standalone CA, such as a public CA. However, keep in mind, if you’re purchasing a certificate from a public entity, many public CAs provide step by steps with screenshots, and in some cases, such as Digicert (www.digicert.com), that actually help you create the file. I haven’t checked other CAs, but I’m sure they offer similar assistance.

As for an Exchange 2007 or 2010  UC/SAN cert, that is a different topic, and not related to IIS certificate requests. If you want to find out more about Exchange 2007 & 2010 certificates, see the following:

Exchange 2007 & Exchange 2010 UC/SAN Certificate
Published by acefekay on Aug 23, 2009 at 9:44 PM 4420 2
http://msmvps.com/blogs/acefekay/archive/2009/08/23/exchange-2007-uc-san-certificate.aspx

Exchange 2003 works with IIS 6, and the steps involved are not related to this, either.

.

Create and send a Cert Request to an Enterprise CA:

.

1. Open IIS

  • Click on the Servername in the upper left navigation pane.
  • In the results pane (the middle section), right-click on, Server Certificate, and choose Open Feature. Or you can simply double-click on it to open it.

.

.

2. In the Action Pane, choose Create Domain Certificate

.

.

3. Fill in the name of the website that you applications are connecting to it as

.

.

4. Click on Select and browse to the online Active Directory Enterprise CA in your infrastructure.

.

.

5. Click on the Default Website, then click on Edit Bindings

.

.

6. Click on https, then click on Edit

.

.

7. After clicking on Edit, in the Edit Site Binding windows, click on View

.

.

8. Choose the Common Name you created in the SSL cert dropdown box

.

.

9. Optionally you can choose to View the cert properties to ensure you chose the correct one

.

.

10. Open IE, connect to the website, then view the certificate

.

.

11. You can see the cert is the one we selected in the site’s SSL bindings

.

.

I hope you’ve found this helpful.

Comments, suggestions and corrections are welcomed.

Ace Fekay

Leave a Reply