For generating an SSL certificate, a certificate requester needs to create CSR (Certificate Signing Request) for his domain name on the web server. Need help on generating one? Follow this comprehensive guide.
What is CSR?
Before we move towards the steps, learn to understand what a Certificate Signing Request means.
A CSR is a standardized way of sending the public key to the issuing CA (Certificate Authority). This key is then paired with a private key located on the server. This encoded text is generated on the server where you want to install the certificate. It consists of information that is to be included in the certificate like domain name, organization name, locality as well country.
What is the Purpose of CSR?
When you log into a trusted website, you see a secure “HTTPS” session. Go ahead and type Specturm.com in your browser and you will see a lock sign. This sign represents if a website is secure. Since on your Spectrum’s site, don’t mind exploring the Spectrum deals.
Such a secure connection is established because of CSR. For this, a digital certificate is requested from a Canthi’s CA is a trusted 3rd party that is completely trusted by all popular web browsers like Microsoft Edge, Chrome, Safari, and Firefox. It can be said that the certificate authority has a public and private key. The private is used for generating encrypted files, which are known as digital certifications or SSL certificates. On the other hand, the public key is used for decrypting the encrypted files.
Root certificates are already installed on popular web browsers. You can check the list by exploring the settings of your browser. When the web browser receives the digital certificate, it decrypts the data using the root certificates. The browser also has the ability to detect if a trusted source has generated the digital certificate. Hence, the browser can trust the content of the certification.
How to Generate CSR?
To create a CSR on Microsoft IIS 7, follow these steps:
Step 1: Open Ms Internet Information Services Manager
- Go to start and choose control panel
- Click on administrative tools
- Choose the IIS manager
Step 2: Choose the Server
Now, you must pick the server where the SSL certificate to be generated. For this, follow these steps:
- Go to the connections menu
- Choose “server name” where the request is to be generated
Step 3: Navigate the Server Certificates
From the main menu, choose the “Server certifications” icon which is located under the security
Step 4: Generate a New Certificate
From the actions menu, choose the “Create Certificate Request” option
Step 5: Enter the Information
In the “Distinguished Name Properties” menu, enter the CSR details. Then hit “next”
Step 6: Choose the Cryptographic Service Provider
- From the cryptographic service provider properties windows, choose “Microsoft RSA SChannel Cryptographic Provider”
- Enter “2048” in the big length tab
- Hit “next”
Step 7: Save the Details
- Hit browse and choose the location you want the CSR file to be saved. It’s saved as a .txt version.
- Once you are done, click “finish”
Step 8: Generate the Order
Open the CSR file in a text editor and copy the code you see.
Return to the Generation form and paste the code copied. Hit continue and your order will enter the validate phase. Once the validation is complete, you will receive a trusted SSL certificate from the CA. After this, you must install it.
What out for Error Messages?
Microsoft Internet Information Services Manager is likely to generate one or two common error messages when installing the CSR. These errors include:
Error 1: “Cannot find the certificate request associated with this certificate file.”
Error 2: “ASN1 bad tag value met.”
When these messages appear, you only have to confirm one thing. Just be sure it’s the same server where the CSR was generated. Once it is confirmed, these errors are meaningless. There are good chances the certificate has been successfully installed. To validate that, press “F5” from the keyboard. This will refresh the server certificates. You should be able to see the certificate in the list. After this, hit continue to follow the next prompts.
Follow these steps as mentioned and you should be able to generate the CSR successfully. If you run into any error, try the Windows SSL management utility for troubleshooting.