Microsoft Internet Information Server (IIS) 5

Follow these instructions to generate a CSR for your Website. When you have completed this process, click the "close" button below to close this window and continue to the next step.

Note: If you are renewing your certificate or your site is currently running a web server certificate please refer to renewal section of this document.

1. Select the Internet Information Services console within the Administrative Tools menu.

2. Select the computer and web site (host) that you wish to secure.
   Right mouse-click to select Properties.

3. Select the Directory Security tab.

4. Select Server Certificateunder Secure Communications

5. Click Next in the Welcome to the Web Server Certificate Wizard window.

6. Select Create a new certificate, Click Next.

7. Select Prepare the request now, but send it later.

8. At the Name and Security Settings screen, fill in the [friendly] name field for the new certificate. Select bit length. We recommend using 1024-bit length. Click Next.

9. When creating a CSR you must follow these conventions.
   Enter your Distinguished Name Field information.
   The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?&. This includes commas.

   Distinguished Name Field	Explanation	Example
   Common Name	The fully qualified domain name for your web server. This must be an exact match.	If you intend to secure the URL https://www.geotrust.com, then your CSR's common name must be www.geotrust.com
   Company (Organization) Name	The exact legal name of your organization. Do not abbreviate your organization name.	GeoTrust Inc.
   Organizational Unit	Section of the organization	Marketing
   City or Locality	The city where your organization is legally located.	Atlanta
   State or Province Name	The state or province where your organization is located. Can not be abbreviated.	Georgia
   Country Name	The two-letter ISO abbreviation for your country	US = United States

10. Enter your Administrator contact information.

11. Enter a path and file name for the CSR.

12. Verify your request and then click Next.

13. At the Completing the Web Server screen, select Finish.

DO NOT REMOVE the pending request or the .crt file will not match and your certificate will not install.

14. Select Finish.

15. Submit your CSR to GeoTrust by clicking on Continue. You will be asked to complete the agreement and the enrollment form as well.

Renewals or Sites currently running ssl

The renewal request option within IIS 5.0 does not create a request in a PKCS10 format. This should be corrected with SP2. IIS 5.0 does not allow your site that is currently running ssl to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a ssl session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following. Please read and print these instructions before submitting your new certificate request.

1. Leave your existing site that currently has the certificate installed alone.

2. Create another virtual site within IIS (this does not have to be a functional site).

3. Create a certificate request within the newly created virtual site.

4. Submit the new request through the following URL http://www.geotrust.com/True BusinessID/

5. Wait for the .crt response file to be emailed to you from support@geotrust.com.

6. After you receive the response file (.crt) you will need go to the new virtual site and process the pending request by selecting the .crt file we sent you.

7. After combining your .crt file to the pending request you may then go to the original web site and remove the current certificate.

8. You can then assign an existing certificate, which will be the new certificate.

Mariner Enterprises