Generate a Certificate Signing Request (CSR) in Windows IIS 10

How to generate a certificate signing request (CSR) in IIS 10.
This document covers CSR generation in IIS Manager. You can also order and install SSL/TLS certificates with SSL Manager, SSL.com’s free tool for Windows certificate management.

For more helpful how-tos and the latest cybersecurity news, subscribe to SSL.com’s newsletter here: 

Time needed: 30 minutes

This how-to will step you through generating a certificate signing request (CSR) in IIS. These procedures were tested in Windows 10 on IIS 10, but will also work in IIS 7.x and 8.x.

  1. Start IIS Manager.

    Start IIS Manager. One quick way to do this is by opening the Run command, then typing inetmgr and clicking the OK button.
    Run window

  2. Select server.

    Select the server in the Connections pane, on the left side of the window.
    Select server

  3. Open Server Certificates.

    Double-click the Server Certificates icon, located under IIS in the center pane of the window.
    Server Certificates Icon

  4. Click “Create Certificate Request.”

    Click the Create Certificate Request… link, in the Actions pane on the right side of the window.
    Create Certificate Request

  5. Enter Distinguished Name Properties.

    The Request Certificate wizard will open. Fill out the Distinguished Name Properties form with the following information:

    Common Name: The hostname that will use the certificate. This is usually a fully-qualified domain name, like www.mydomain.com, or store.mydomain.com. You can also use a wildcard, like *.mydomain.com.
    Organization: The legal name of your company or organization.
    City/locality: The city where your company is located.
    State/province: The state where your company is located.
    Country/region: Please use the two-character abbreviation for your country.

    When you are finished filling out the form, click the Next button.
    Distinguished Name Properties

  6. Set Cryptographic Service Provider Properties.

    Next, set the Cryptographic Service Provider Properties. Use the drop-down menus to select Microsoft RSA SChannel Cryptographic Provider as the cryptographic service provider, and a bit length of 2048 (unless you have a reason to set these to other values). When you are finished, click the Next button.
    Cryptographic Service Provider Properties

  7. Create file name and finish.

    Create a file name for your CSR, then click the Finish button.
    Create filename

  8. Next steps.

    You’re finished! Open the CSR in a text editor when you are ready to submit it to SSL.com for signing. For instructions on submitting your CSR to SSL.com, please read our guide to CSR submission. When you’re ready to install your certificate, please see these how-tos on installation and binding in IIS.
    CSR in Notepad

Next Steps

For more information on installing your certificate in IIS 10, read here. For info on binding, read here.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.