Step By Step Procedure to Create a CSR In The IIS Server

Well, if you use a Microsoft IIS server for hosting your application, as an FTP server for file transfer, for testing, or for any reason. If you want to secure your web application and run the service over HTTPS protocol, then you must bind an x509 certificate, a digital certificate used to prove the identity that is commonly known as an SSL certificate. To do this, you should create a CSR (Certificate Signing Request). Submit the certificate to your CA (Certificate Authority). Get a certificate issued by your CA and bind the certificate to your web application or web service. If you are not aware of how to create a CSR in the IIS server, then this post is for you.

In this post, we have covered what is an SSL certificate, an IIS server, CSR (Certificate Signing Request), and a detailed step-by-step procedure to create a CSR in the IIS server.

What Is An SSL Certificate?

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the HTTPS protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfers, and logins, and more recently, is becoming the norm when securing browser communications.

SSL Certificates bind together:

An SSL Certificate contains the following information:

What Is an IIS Server?

IIS (Internet Information Services) is a web server software created by Microsoft. IIS Server is used for hosting websites and applications on the World Wide Web. IIS Server can be installed on all versions of the Windows operating system, from Windows NT to Windows 10 and Windows NT Server 4.0 to Windows Server 2021.

How To Get A Certificate For Your Web Application?

If you have an application hosted on an IIS webserver. The application runs only on HTTP protocol which is not secured. If you want to run the application on HTTPS instead of HTTP, the first thing you need is a digital certificate or SSL/TLS certificate for your application. Then there may be several questions coming to your mind. Where to get an SSL certificate, and What is the procedure to get the SSL certificate? Let us answer these questions.

You should get the SSL certificate from a Certificate Authority (CA). Please contact your Certificate Authority and share your requirements with them so that they can help you in acquiring a certificate for your application. There could be different types of Certificate Authorities in your organization. Please reach out to the correct Certificate Authority depending on your requirements.

Your CA will ask you to Create a CSR in the IIS Server for your application and share the CSR (Certificate Signing Request) with them so that they can issue the certificate for your CSR. Then you should bind that certificate to the application in the IIS webserver to enable HTTPS.

Note: You can’t use the CSR created on a different server; please ensure the CSR must be created on the same IIS server on which the application is hosted. 

What Is CSR (Certificate Signing Request)?

A Certificate Signing Request is a block of encoded text that contains information about the applicant and the public key that they are requesting to be signed. This encoded text is then submitted to a Certificate Authority, which will use their private key to sign the CSR and generate a signed certificate. The certificate can then be used to verify that the public key does, in fact, belong to the person or organization who claimed it.

CSRs are typically generated by web servers or other software that will be using an SSL/TLS certificate and usually contain at least the common name (e.g., www.example.com) or email address associated with the certificate. Some CAs may require additional information to be included in the CSR in order to issue a certificate, such as the organization’s name or physical address.

What Information Should A CSR Have?

A Certificate Authority will use CSR to issue the certificate. So you should add the below information to your CSR while creating it.

The public key: Certificate Authority includes it during the creation of the certificate.

Information about the key type and length. The most common key size is RSA 2048, but some CAs, including GlobalSign, support larger key sizes (e.g., RSA 4096+) or ECC keys.

Pre-requisites To Create A CSR In The IIS Server:

How To Create A CSR In The IIS Server?

A CSR is the first step to getting a new certificate. As the name says, CSR is the standard request format that most Certificate Authorities accept to issue the certificate. In this section, we will show you how to Create a CSR in the IIS Server.

Step 1. Launch Information Service (IIS) Manager

Let’s begin the CSR generation process by launching the Internet Information Service (IIS) Manager.In Server Manager, go to Tools –> Information Service (IIS) Manager.

Step 2. Verify Certificates installed on the IIS Website

Select  Server Name and Double-Click on Server Certificates.

Step 3. List of certificates installed in IIS Server.

As you can see in the picture, no certificates were installed on the IIS server.

Step 4. Create Certificate Request

To Create CSR, click on ‘Create Certificate Request‘ under the ‘Actions‘ Menu.

Step 5. Provide the required information for creating a Certificate Request

After you click on ‘Create Certificate Request. Request Certificate Wizard will be opened up. You need to update the required details and click ‘Next‘.
Note: Please contact your local Certificate Authority if you don’t have the information to fill.
Common Name: Generally Common Name will be the URL of the IIS Web Service
Organization: Organization / Business Name
Organisational Unit: Division of the Organization
City / Locality: The city where the Organization located
State / Province: State  where Organization located
Country / Region: The country where the Organization located

Step 6. Select Cryptographic Service Provider details

Select the ‘Cryptographic Service Provider’ to default and change the ‘Bit Length’ to ‘4096′ to strengthen security and click on ‘Next’.

Note: Please contact your local Certificate Authority before you fill information.

Step 7. Save the CSR file to a location

Step 8. Select a location to save the CSR file. Enter a name for the file and click Save.

Step 9. Save the Certificate Request file on your disk and finish the process.

Specify the File name select the path to save it and click on ‘Finish‘.
The CSR file will be present at the location you saved it and can be used to request the SSL certificate for your application.

What Does A Typical CSR Look Like?

This is what a typical CSR file looks like. A CSR file is a long string of characters encoded in base 64 formats. Well, you can read the content of the CSR file using any text editor.

Whenever you copy the context you should include:

—–BEGIN NEW CERTIFICATE REQUEST—– & —–END NEW CERTIFICATE REQUEST—–

You can use CSR to generate an SSL certificate for your web application hosted on an IIS server. You may need to choose the appropriate certificate template while submitting the CSR to the Certificate Authority.

How To Decode A CSR?

Since the CSR stores the content in base64 format, it is not al all possible to validate the contents. If you want to validate the content of the CSR, it is possible to do that, but only after you decode it. There are many ways to decode a CSR.

Online Tool To Decode A CSR:

For beginners, using online tools is the best way to decode CSRs. We want to introduce one such wonderful tool to you. However, there could be a risk of data being stolen if you use unauthorized tools. Be aware of this before you use an online tool.

Namecheap: https://decoder.link/resultt

Decode A CSR Using OpenSSL:

If you don’t want to submit CSR content to online tools, it is possible to decode the CSR offline using the OpenSSL tool. Only the requirement is to have OpenSSL installed on your Windows server. No need to install the OpenSSL utility on Linux machines since the OpenSSL package is included in the default package list. You can use this command to see if OpenSSL is installed on your machine.

Use this command to see if OpenSSL is installed on your machine.

openssl version

Use this command to decode CSR using OpenSSL.

# openssl req -IIS_CSR.csr -noout -text

This is how you can create a CSR in the IIS Server.

We hope this post will show you a step-by-step procedure to Create a CSR in the IIS Server. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram and subscribe to receive updates like this.