c Expand All C Collapse All

Technical Information

a

How to create the CSR with SAN in Windows IIS?

This FAQ explains how to generate CSR on Microsoft Windows Server running IIS (any version) with SAN (Subject Alternative Name) values.

Categories: Installation FAQ, Technical Information

Following steps are applicable for all versions of IIS. Windows Server should be domain joined.

  1. Open the MMC console and add the Certificate snap-in to it as Local Computer. Right Click Personal node on the left and Select All Tasks –>Advanced Operations –> Create Custom Request.
  2. Choose Proceed without enrollment policy and Click Next. Choose No Template Legacy Key for compatibility reasons. Use PKCS#10.
  3. Click Next and click Properties. Give a friendly name for the certificate and a description. Ensure that you hit Apply as soon as you are done with the tab.
  4. Click on Subject tab and add all the hostnames under “Alternative Name“. Under Subject Name, enter the Common Name (CN), Organizational Unit (OU), Organization (O), State (S) and Country (C) values. Click Apply.
  5. Under the Extensions tab, expand Extended Key Usage (application policies) and select Server Authentication and Client Authentication. Click Apply.
  6. Under the Private Key tab, set the Key size to 2048 under Key options. Tick Make Private Key exportable. Select Exchange as the Key type. Click Apply. Click OK.
  7. Select a location to save the file. Choose the file format as Base 64. Click Finish.

CSR is generated with SAN values.

Tags: CSR, IIS, Microsoft, MMC, SAN, Subject Alternative Name, Windows Server
Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top

Installation FAQ

a

How to create the CSR with SAN in Windows IIS?

This FAQ explains how to generate CSR on Microsoft Windows Server running IIS (any version) with SAN (Subject Alternative Name) values.

Categories: Installation FAQ, Technical Information

Following steps are applicable for all versions of IIS. Windows Server should be domain joined.

  1. Open the MMC console and add the Certificate snap-in to it as Local Computer. Right Click Personal node on the left and Select All Tasks –>Advanced Operations –> Create Custom Request.
  2. Choose Proceed without enrollment policy and Click Next. Choose No Template Legacy Key for compatibility reasons. Use PKCS#10.
  3. Click Next and click Properties. Give a friendly name for the certificate and a description. Ensure that you hit Apply as soon as you are done with the tab.
  4. Click on Subject tab and add all the hostnames under “Alternative Name“. Under Subject Name, enter the Common Name (CN), Organizational Unit (OU), Organization (O), State (S) and Country (C) values. Click Apply.
  5. Under the Extensions tab, expand Extended Key Usage (application policies) and select Server Authentication and Client Authentication. Click Apply.
  6. Under the Private Key tab, set the Key size to 2048 under Key options. Tick Make Private Key exportable. Select Exchange as the Key type. Click Apply. Click OK.
  7. Select a location to save the file. Choose the file format as Base 64. Click Finish.

CSR is generated with SAN values.

Tags: CSR, IIS, Microsoft, MMC, SAN, Subject Alternative Name, Windows Server
Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top
a

How to install Intranet SSL Certificate (PFX) on IIS in Windows Server?

How to install or import PFX file with private key in IIS on Windows Server. Use ‘Certificates’ snap-in in MMC and Import. Next step is binding the certificate.

Category: Installation FAQ

Step by step instructions on how to import the SecureNT Intranet SSL Certificate PFX file in Windows IIS Server (any version). It’s a two-step process.

Step-1: How to Import the PFX File in IIS

  1. From the Start menu, type MMC, and click OK
  2. In the User Account Control window, click Yes
  3. In the Console window, in the menu at the top, click File > Add/Remove Snap-in.
  4. In the Add or Remove Snap-ins window, under Available snap-ins click Certificates and then, click Add.
  5. In the Certificates snap-in window, choose Computer account and then, click Next.
  6. In the Select Computer window, select Local computer(computer this console is running on), and then, click Finish.
  7. In the Add or Remove Snap-ins window, click OK.
  8. From the Console window, from the Console Root folder, expand Certificates (Local Computer) (the certificate file will be in Personal or Web Hosting folder).
  9. Right-click on the certificate file which you want to import and then click All Tasks > Import
  10. On the Welcome to the Certificate Import Wizard page, click Next.
  11. Follow the instructions to import the primary SSL certificate from the PFX file
  12. On the Certificate Store page, select Automatically select the certificate store based on the type of certificate.
  13. Double-check your settings and then click Finish

You should see “The import was successful” message.

Step-2: How to Enable the SSL Certificate

  1. From the start menu, search for Administrative Tools, open it, and double-click on Internet Information Services (IIS) Manager.
  2. Under Connections, expand your server’s name, expand Sites, and then, click the site that you want to encrypt.
  3. In the Actions menu, under Edit Site, click Bindings.
  4. In the Site Bindings window, click Add.
  5. In the Add Site Binding window, from the drop-down lists select: HTTPS, All Unassigned, and enter port 443.
  6. From the SSL certificate drop-down list, select the certificate you want to import
  7. Click OK and restart your IIS server

SecureNT Intranet SSL certificate is now installed on IIS.

Following article has the steps shown with screen-shots.

How to Import the SSL Certificate w/Private Key .pfx File

Tags: Binding, Deployment, IIS, Installation, PFX, Windows Server
Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top