The easiest way to generate CSR files and install and manage SSL certificates is to use the Certificate Utility tool for Windows by DigiCert. This tool allows users to create CSR and install certificates much more easily.
Alternatively, if you prefer to create CSR and install SSL certificates on IIS 7 yourself, you can refer to Mytour's article below for detailed instructions.
Step 1: Generating CSR on IIS 7 on Windows Server 2008
1. In the Start Menu, find and open Internet Information Services (IIS) Manager. To do this, click on Administrative Tools =>Internet Information Services (IIS) Manager.
2. In the Connections window, locate and click on the server.
3. On the server's homepage, under the IIS section, find and double-click on Server Certificates.
4. In the Actions menu (on the right pane), select Create Certificate Request.
5. In the Request Certificate wizard, on the Distinguished Name Properties page, fill in the following information and then click Next.
- Common name: Fully Qualified Domain Name (FQDN) (e.g., Mytour).
- Organization: Legal registered name of your company.
- Organizational unit: Department name within your company. This field is often filled with IT, Web Security, or left blank.
- City/locality: Location of your company.
- State/province: Province/city where your company is headquartered.
- Country/region: Country/region where your company is headquartered. Use the dropdown menu to select your country.
6. On the Cryptographic Service Provider Properties page, provide the following information and then click Next.
- Cryptographic service provider: From the dropdown menu, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific CSP provider).
- Bit length: From the menu, choose 2048 (unless you have a reason to use a larger key size).
7. On the File Name page, in the Specify a file name for the certificate request section, click on the 3-dot icon to specify the location to save the CSR.
Moving on:
"-END OF NEW CERTIFICATE REQUEST"-
10. Once the SSL certificate from DigiCert is received, the next step is to install it.
Step 2: Installing and configuring SSL certificate on IIS 7 on Windows Server 2008
After confirmation and issuance of the SSL certificate, you can install the server certificate on Windows 2008 server where the CSR was generated. Then configure the server to use this SSL certificate.
Installing SSL certificate
1. On the server where you generated the CSR, save the SSL certificate file .er (for example your_domain_com.cer) received from DigiCert.
2. Open Internet Information Services (IIS) Manager by clicking Start =>Administrative Tools =>Internet Information Services (IIS) Manager).
3. In the Connections pane, locate and click on the server.
4. On the server home page (in the middle pane), under IIS, double-click on Server Certificates.
5. In the Actions menu (in the middle pane), click on Complete Certificate Request.
If this is the server where you generated the CSR, you can proceed to install the certificate and dismiss any prompts. Simply click OK, then close the Internet Information Services (IIS) Manager window and reopen it to refresh the list of server certificates.
The new certificate will appear in the Server Certificate list, and you can continue with the next steps.
If the new certificate does not appear in the Server Certificate list, you may need to take one of the following steps:
- Reissue your certificate.
- Utilize the DigiCert Certificate Utility to import the certificate.
8. After successfully installing the SSL certificate, the next step is to configure the website to use this certificate.
Assign SSL Certificate
9. In the Internet Information Services (IIS) Manager window, in the Connections pane, expand the name of the server where the certificate is installed. Then expand the Sites node and select the website you want to secure with the SSL certificate.
10. In the Actions menu (right pane), select Bindings.
11. In the Site Bindings window, select Add.
12. In the Add Site Binding window, choose the following details and then click OK.
- Type: From the dropdown menu, select https.
- IP address: From the dropdown menu, choose the IP address of the website or select All Unassigned.
- Port: Enter 443 (SSL uses port 443 to secure traffic).
- SSL certificate: From the dropdown menu, select your new SSL certificate.
13. Now your SSL certificate is installed, and the website is configured to accept secure connections.
SSL Troubleshooting and Resolution
After successfully creating a CSR file and installing the SSL certificate on your IIS 7 (Windows Server 2008), if your website is publicly accessible, you can use the SSL Installation Diagnostics Tool to diagnose SSL issues and find solutions.
Download the SSL Installation Diagnostics Tool and install it here: Download SSL Installation Diagnostics Tool
This Mytour article just guided you on how to create a CSR file and install an SSL certificate on IIS 7 (Windows Server 2008). If you have any doubts or questions that need answers, feel free to leave your comments below the article.