Generate a Certificate Signing Request for IIS 4.0
Follow these instructions to generate a CSR for your Web site.
You must have Service Pack 4 or higher, or MS Internet Explorer 5 and higher
- Open the Key Manager. Go to the Key menu and select Create New Key.
- Select Put the request in a file that you will send to an authority. Enter a file and path in the text box that you will remember.
Example: C:\NewKeyRq.txt.
Click Next.
- Enter your key name as specified in the previous step. Enter and confirm a password.
Warning: If you lose the password, you must purchase another certificate.
- When creating a CSR you must follow these conventions.
Enter the Distinguished Name Field information.
The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?&.
This includes commas.
Distinguished Name Field Explanation
Common Name
The fully qualified domain name for your web server. This must be an exact match.
Example: If you intend to secure the URL https://www.ravand.com, then your CSR's common name must be www.ravand.com.
Organization
The exact legal name of your organization. Do not abbreviate your organization name.
Example: Ravand Inc.
Organization Unit
Section of the organization
Example: Marketing
City or Locality
The city where your organization is legally located.
Example: Toronto
State/Province
The state or province where your organization is legally located. Can not be abbreviated.
Example: Ontario
Country
The two-letter ISO abbreviation for your country.
Example: CA = Canada
Administrator Name
Contact Name
Example: John Smith
Email Address
Contact Email
Example: john.smith@ravand.com
Phone Number
Contact Phone
Example: 444-444-1234
- After you close out of the key manager, click on Yes to Commit all Changes.
Warning: If you do not click yes, your private key will not be saved and your certificate from Ravand will not install.
- Submit your CSR to Ravand.
Note: Remember to back up your key pair file.
The Server Gated Cryptographic extension can be enabled or disabled from the registry.
Check the registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\SecurityProviders\ SCHANNEL
By default, there is no value or key for EnableSGC. You have to add it in order to support SGC, and you would set the value to 1 - that is, you would create a new key "EnableSGC" and set its value to 1. If the "EnableSGC" key already exists, just set EnableSGC=0.
See also the following Microsoft articles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q234271
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q194889
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239449
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q249863