How to create a SAN certificate signing request for IIS web server?
Posted by Brajesh Panda on June 6, 2011
SAN Certificate for IIS 7.5 Web Servers – Part 2
- How to configure multiple websites to access using host headers?
- How to create a certificate signing request for our IIS web server?
- How to make sure internal certificate authority is supporting SAN certificate feature?
- How to generate SAN certificate from internal Windows 2003 certificate authority?
- How to configure/import SAN certificate in IIS 7.x?
How to create a SAN certificate signing request for IIS web server?
-
Open Certificate MMC snap in for your computer
- Click on Start – Run – MMC – File – Add/Remove Snap In – Select Certificates – Click Add – Select My Computer
- Click on Start – Run – MMC – File – Add/Remove Snap In – Select Certificates – Click Add – Select My Computer
- Click on Personal – All Tasks – Advanced Operations – Create Custom request
- Click next in Certificate Enrollment Wizard’s welcome window
- Select “Proceed without enrollment policy” under Custom Request & click next
- In Custom Request window Select (No template) Legacy key & PKCS #10 as request format
- And Click Next
- In Certificate Information Page click the Details icon then Properties. It will open up Certificate Properties window, where we can define different attributes.
- Under Private Key, select key size. Over here I just left it as default. You may like to select 4096 for production servers.
- Under Key Type select “Exchange“
- Under Extension tab select Extended Key Usage; add Server Authentication from the available options.
- Under Subject Tab we will be defining our multiple DNS names for the certificate
- From Drop down Subnet Name section select Common Name & type the value. Preferably the primary domain name & then click Add.
- Under Alternative Name select DNS type all alternate DNS Names & add them.
- Under General Tab type a friendly name.
- Better to keep add a * in front of the friendly name now. It will help you to bind the certificate from IIS graphical user interface to all websites using same IP & port 443. If you don’t do this now, no worries, you can do it later or you can use Commadline tool to bind this cert. I have discussed the same in certificate installation/import post.
- Click okay & In certificate information window click next
- Give a file path to save this certificate request 7 select Base 64 as file format
- It will generate “.req” file, you can open this file using notepad.
- You use this file to generate your SAN certificate from external public certificate authority or from your internal certificate authority server.
TechOnTip Weblog 
How to make sure internal certificate authority is supporting SAN certificate feature? « TechOnTip Weblog said
[…] How to create a SAN certificate signing request for IIS web server? […]
How to generate SAN certificate from internal Windows 2003 certificate authority? « TechOnTip Weblog said
[…] How to create a SAN certificate signing request for IIS web server? […]
How to configure/import SAN certificate in IIS 7.x? « TechOnTip Weblog said
[…] How to create a SAN certificate signing request for IIS web server? […]
DNS Port said
DNS…
[…]How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog[…]…
internet said
hosting…
[…]How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog[…]…
Self Signed SSL Certificate in IIS 6 (Windows Server 2003) « Fraction of the Blogosphere said
[…] SAN Cert/Custom Request, https://techontip.wordpress.com/2011/06/06/how-to-create-a-san-certificate-signing-request-for-iis-we… LD_AddCustomAttr("AdOpt", "1"); LD_AddCustomAttr("Origin", "other"); […]
Siti web gratis said
Siti web gratis…
[…]How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog[…]…
Self-Sign Certificates in Windows 2008 R2 « TechOnTip Weblog said
[…] you want to know how to generate SAN certificate read this […]
Mario said
Hi!
And how will i process the answer to this CSR ?
Kind regards
Mario
Zoltan said
Mario,
Simply import the response into the very same certificate store folder were you have started the CSR generation.
wordpress theme review said
This is very interesting, You are a very skilled blogger.
I have joined your feed and look forward to seeking more of your excellent post.
Also, I have shared your website in my social networks!
Tod said
I go to see everyday some web pages and blogs to read posts,
but this blog offers feature based content.
Brajesh Panda said
Thank you Tod for inspiring words.
creating a blog said
Just wish to say your article is as astonishing. The clearness to your post is just nice and
that i could assume you’re knowledgeable in this subject. Well along with your permission allow me to take hold of your RSS feed to keep updated with imminent post. Thank you a million and please continue the rewarding work.
How Do I Make A Website said
Hi there, just became alert to your blog through Google, and
found that it’s really informative. I am gonna watch out for brussels. I will be grateful if you continue this in future. A lot of people will be benefited from your writing. Cheers!
at work said
I was pretty pleased to discover this page. I need to to thank you for your time due to this fantastic read!! I definitely savored every little bit of it and I have you book marked to look at new stuff on your website.
ann arbor michigan said
There are many people moving on with the art of photography
in the right manner. The mini spy pen camera is available in 4GB,
8GB and 16 GB for regular use as per requirement of the
customer. There are a lot of options in mobile phones available
on the market today.
increase views youtube said
It is not my first time to pay a quick visit this web site, i am visiting this web site dailly and get fastidious facts from here everyday.
rozliczenie pit program said
Hello I am so grateful I found your web site, I really found you by mistake, while I was researching on Bing
for something else, Anyhow I am here now and would just like to say thank you for a
marvelous post and a all round enjoyable blog (I also love the theme/design), I don’t have time to read through it all at the minute
but I have saved it and also added in your RSS feeds, so when I have time I will
be back to read a great deal more, Please do keep up the great work.
www.youtube.com said
You can make use of flax meal, almond meal, soy powder, etc.
how do you tag yourself in someone's photo on facebook said
All you have to do is to choose a relevant subject,
learn composition and choose a stock photo website.
This beginner photography article on common abbreviations and acronyms will help you understand popular photography terms and direct you to helpful articles for a deeper look.
The scientific background of photography shows that the use of it for exploring the natural world was exploited by big businesses.
Brendan said
Thank you, this was incredibly helpful and exactly what I was looking for.
sapgenpse get_pse for two CN (SAN certificate) | SES said
[…] https://techontip.wordpress.com/2011/06/06/how-to-create-a-san-certificate-signing-request-for-iis-we… […]
Andreas said
Thank you, this was realy helpful – especially the screenshots 🙂
glahens said
Very helpful. Only site from Google search that helped. One important item left off of these instructions is that when doing this that you should also add O, OU, Locality(L), State and Country in the Subject Name section when using these certificates for SSL sites where you are going to ask a CA to sign the certificate.. Made this mistake the first time around. 😉
Brajesh Panda said
Thanks
wwe.com 2011 said
wwe.com 2011
How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog
seeking love said
Thanks ѵery interesting blog!
resume docket review said
resume docket review
How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog
msebko said
How to create a SAN certificate signing request for IIS web server?
Answer:
– After last step open IIS management console, click server name and then on Server Certificates
– on the right pane click on complete certificate request
– paste generated request and enter friendly name – will show in IIS certificate store
– assign certificate to the https protocol binding:
1. create first https binding:
appcmd set site /site.name:”IIS_site1_name” /+bindings.[protocol=’https’,bindingInformation=’ipaddress:443:firstDNSname’]
2. create second https binding:
appcmd set site /site.name:”IIS_site2_name” /+bindings.[protocol=’https’,bindingInformation=’ipaddress:443:secondDNSName’]
3. assign certificate to the IP and port 443:
netsh http add sslcert ipport=ipaddress:443 certhash=(thumbprint of imported certificate without spaces) appid={random guid code}
Thats it !
Brajesh Panda said
Thanks good notes with appcmd. Good for my scripts.
machine a sous banditisme said
machine a sous banditisme
How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog
machine a sou pour le fun said
machine a sou pour le fun
How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog
How to create a SAN certificate signing request for IIS web server? « TechOnTip Weblog | maksimusprime said
[…] Print […]
Pete Worthen said
Dangit, we’d like an edit button.
sue said
I followed this steps but I could not key in the Distinguished Name Properties. Or I can key in Distinguished Name Properties but I could not add multiple domain SAN. There is no options. How do I do both and generate the CSR?
Brajesh Panda said
Not sure about the DN you are talking.
How To Create A Web Server Using Iis | How Find Money said
[…] How to create a SAN certificate signing request for IIS … – Jun 06, 2011 · How to create a SAN certificate signing request for IIS web server? Posted by Brajesh Panda on June 6, 2011 […]
How To Create A Csr In Iis 7.5 | Ho My God said
[…] How to create a SAN certificate signing request for IIS … – Jun 06, 2011 · How to create a SAN certificate signing request for IIS web server? Posted by Brajesh Panda on June 6, 2011 […]
Константин Алексеенков said
Thanks for the instruction! :3
Pete Wilson said
This is great except the Certificate Enrollment wizard resets the key length when you change the Key type to Exchange, so you need to first change the Key type to Exchange, then set the Key options for length and Make private key exportable which isn’t checked by default.
Chris said
These instructions don’t work at all, please test them step by step yourself. It says invalid information entered when you try and click the private key tab, plus you’re not showing entering the OU, Locality and other required information.