česky | english
Help - Generating a new key pair and CSR for IIS 7.0
Creating the keys and CSR
. Use the IIS-7 Manager tool. First, display the server panes:
.In the middle pane double click on "Server certificates" (Certifikáty server). Then in the right pane click on "Create a CSR..." (Vytvořit žádost o certifikát...). The wizard opens for creating a CSR. This request contains the new public key server key; the CSR is prepared for the website certificate (not a personal one). There will be the server name in the CSR, not your name. Private key is also created and saved in the server.
.Fill the CSR form. The first text box will contain the server FQDN name. This is the name for the DNS system, and the server must be known under this name on the Internet. The Microsoft's idea is, that if your server has multiple FQDN names (i.e. IIS-7 serves for multiple virtual websites), you have to create for each of them its own certificate, or use the SAN parameters - alternate names, first of them must be equal to the main name fulfilled here. The CAcert CA then has to receive the CSR containing SAN names. .The other text boxes have to be fulfilled according to the reality. (A fictive company name is fulfilled in this example.)
. Wizard's next step: select the provider and the key length, as proposed in this example. The websites containing sensitive data may use longer keys.