SSL Certificates

CSR Instructions - Microsoft IIS 4.0

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to eWAY in order to be generated into a SSL Security Certificate.

OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.

You must have Service Pack 4 or higher, or MS Internet Explorer 5 and higher

  1. Open the Key Manager. Go to the Key menu and select Create New Key.

  2. SelectPut the request in a file that you will send to an authority. Enter a file and path in the text box that you will remember.
    Example: C:\NewKeyRq.txt.
    Click Next.

  3. Enter your key name as specified in the previous step. Enter and confirm a password.

    Warning: If you lose the password, you must purchase another certificate.

  4. When creating a CSR you must follow these conventions.
    Enter the Distinguished Name Field information.
    The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?&.

    Distinguished Name Field Explanation

    Common Name

    The fully qualified domain name for your web server. This must be an exact match.
    example: If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com.

    Organization

    The exact legal name of your organization. Do not abbreviate your organization name.
    example: Your Company, Inc.

    Organization Unit

    Section of the organization
    example: Marketing

    City or Locality

    The city where your organization is legally located.
    example: Atlanta

    State/Province

    The state or province where your organization is legally located. Can not be abbreviated.
    example: Georgia

    Country

    The two-letter ISO abbreviation for your country.
    example: US = United States

    Administrator Name

    Contact Name
    example: John Smith

    Email Address

    Contact Email
    example: john.smith@yourdomain.com

    Phone Number

    Contact Phone
    example: 555-555-1212  



  5. After you close out of the key manager, click on Yes to Commit all Changes.

    Warning: If you do not click yes, your private key will not be saved and your certificate will not install.

  6. Submit your CSR to RapidSSL.com and complete the online enrollment process.

    Note: Remember to back up your key pair file.

The Server Gated Cryptographic extension can be enabled or disabled from the registry.

Check the registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\SecurityProviders\ SCHANNEL

By default, there is no value or key for EnableSGC. You have to add it in order to support SGC, and you would set the value to 1 - that is, you would create a new key "EnableSGC" and set its value to 1. If the "EnableSGC" key already exists, just set EnableSGC=0.

See also the following Microsoft articles:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q234271

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q194889

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239449

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q249863

» Return to CSR Instruction List