Geeks With Blogs

Mike H. - Another Geek In Need... WebLog

Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7

In IIS7 – it is not intuitive – how to generate your CSR and then get your certificate issued – and apply that certificate to your site.

In IIS 6 – it was pretty straight forward once you have walked through the process – but IIS 7 is as different as night/day.

In IIS 7 – let’s replace the one for our SharePoint site. We had one already in place, but when we upgraded to SharePoint 2010 – it reconfigures the IIS application – creating a disconnect in your certificate. I’ll cover this in another blog. For now – let’s gen the CSR – then get the new cert:

First, launch your IIS Manager (Start—>Run and type in INETMGR and press Enter):

image

Notice that the machine name is selected just under Start Page in the left tree view. This is where you want your cursor – we’re working at the Server level – and certificates are all handled at this level – not at the site level like in the days of IIS6.

Scroll down in the center page (SBS Home above) and local Certificates:

image

Double-click – or select and press Enter on Server Certificates.

In our example, we locate our certificates – and all appears fine – except the certificate is no longer valid – so we’re going to create a new request (CSR) and walk through getting and applying the new certificate.

image

You’ll find this view on the right side of your Internet Information Services (IIS) Manager console. Click Create Certificate Request

image

NOTE: The Common Name is your actual URL – the site that you’ll be applying the certificate to. It’s important that you enter it – as shown above. Our actual URL to this site includes HTTPS:// before it, and a slash (“/”) and other page references after it – depending on what resources we’re trying to get to. But the actual site is exactly like that shown above – and it’s important that you enter this as your Common Name.

The rest is pretty straight forward. Once this is complete, click Next

image

Leave this default setting and click Next

image

This is the file name that the CSR hash will be written to. We use a text file format because it’s easy to copy/paste into our SSL provider when we get to that point.

In our case, we use GeoTrust and RapidSSL for our certificates, your provider may be different – but the next stages have to do with logging onto your SSL provider – using whatever account you created at that time – and select to re-issue the certificate. This will walk through collecting this new CSR request – and invariably – generating the new SSL certificate (.CER file).

NOTE: If you do not place something like C:\ before the above file name, it’ll place it in your User Profile path – which is typically in C:\Users\<userName> … – it’s easier to specify a path to save it to before clicking finish – that way you can quickly find it.

Once you locate it – it’s saved with a .TXT suffix – so if you double-click the file – it should open in OneNote, and you should see something similar to the following:

 

image

When you log into your SSL provider account and select to re-issue your certificate – you will have to copy this information from this text file into the CSR block on the screen of your provider. You should be familiar with this account – and when you have to copy, you’ll want to copy all of this data – including the ----BEGIN all the way to the REQUEST----- - end of the file.

The re-issue process, depending on our SSL provider – generally is an email to confirm the re-issue, and then a final email with the new certificate included in the email. From GeoTrust – they do not email us a attachment of the certificate – rather, they include the certificate block – similar to that shown above – right in the email – so we just copy/paste from our email.

Once we receive our new Certificate from GeoTrust – we create a .CER file, and open it with Notepad – just like our text file. Then we copy/paste our data into that file:

 

image

With this saved, we’re ready to apply the new certificate to our server.

Close Notepad – ensuring that your file suffix name is .CER – triple check and make sure Notepad didn’t slit in .TXT at the end of .CER – if it did, manually rename the file and get ready for the final stage.

Launch your Internet Information Services (IIS) Manager (INETMGR) – if you closed it, or bring it back up on your screen:

image

In the Actions menu located on the right side, click Complete Certificate Request.

image

Browse to your .CER file by clicking on the … ellipsis button to the right of File name containing the certificate authority’s response:

image

For the friendly name – we simply used the domain common name again.

Click OK.

Now, reviewing our certificates, notice below we have the one that was to be re-issued – in our case – we had a new issue generated for 3 years – and then you’ll see the old one right above it – expiring in 2010:

image

If you have a similar situation – delete that old certificate – otherwise it can be selected inadvertently when you’re assigning it to the site – and that will just create confusion.

image

With our old one deleted – we’re ready to apply the new certificate.

Bring up the site on the left of your Internet Information Services (IIS) Manager dialog, expanding sites, and selecting the actual site to apply this certificate to:

image

Ours is SBS SharePoint – and on the right side under Actions click Bindings

image

Here we select the HTTPS line and click Edit

You’ll have to drop down your certificate options and select your actual certificate, then click OK to apply:

image

After clicking OK – click Close  and that’s it. Your new certificate is now applied to this site.

Hope that helps – sorry to be so long winded.

Posted on Monday, December 14, 2009 11:26 AM | Back to top


Comments on this post: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7

# re: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7
Requesting Gravatar...
Adidas knows the shoes became famous in the shoe bazaar as a casual shoe because of the gazelle ongoing in the Adidas Porsche Design sneakers.However, within four decades,Cheap adidas shoes have reserved manufacturers in continual production of Adidas Rod Laver for more than four decades. Our Gucci outlet online store are offering Gucci new released collections and discount Gucci bags, Gucci handbags, Gucci wallets, Gucci purses, Gucci totes, shoes etc.
http://www.adidas-cheap.com/

Left by adidasshoes on Apr 29, 2010 1:25 AM

# re: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7
Requesting Gravatar...
thank you for sharing, I LIKE IT
Left by jkjk on Aug 05, 2010 9:57 PM

# re: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7
Requesting Gravatar...
yes, i agree with you
Left by Louis Vuitton outlet on Aug 05, 2010 9:58 PM

# re: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7
Requesting Gravatar...
ni wen wo zhe shi jie zui yuan de di fang zai na li
Left by Chanel 2.55 on Aug 05, 2010 9:59 PM

# chanel bags
Requesting Gravatar...

Christmas gift for your children, sister, momy , husband or wife, it’s a happy time to choose new Coach bags, weather Coach bags or Chanel bags, even Vibram shoes, MBT Shoes, all the gift with your love. http://www.vibram-toe-shoes.com/ Yes, even just a littler Coach wallet, it bring your mom to laugh. http://www.coach-tote.com/
Left by chanel bags on Sep 23, 2010 9:04 PM

# Vapornation.com
Requesting Gravatar...
Thanks for posting such useful article.

Left by Volcano Vaporizers on Oct 01, 2010 3:31 AM

# re: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7
Requesting Gravatar...
As a stylish woman,own Jimmy Choo Shoes can be a proud,visit www.discountjimmychoo-uk.com and you will find all kinds of Jimmy Choo products with different styles are on promotion now.Click your mouse and have a visit now!
Left by Jimmy Choo Sale on Dec 07, 2010 1:43 AM

# re: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7
Requesting Gravatar...
You got a nice page. keep it up.
Left by Trey Smith on Jan 03, 2011 8:17 AM

# re: Creating CSR – Certificate Request – and Generating CSR’s for IIS7/IIS 7/ Internet Information Services 7
Requesting Gravatar...
I have never read such a wonderful article and I am coming back tomorrow to continue reading.
http://www.belowbulk.com
Left by cheap clothes online on Jan 07, 2011 11:22 PM

Your comment:
 (will show your gravatar)


Copyright © Michael J. Hamilton, Sr. | Powered by: GeeksWithBlogs.net