Generate a Certificate Signing Request (CSR)

Microsoft Internet Information Server (IIS) 4.0

Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the "close" button below to close this window and continue to the next step.

You must have Service Pack 4 or higher, or MS Internet Explorer 5 and higher

1. Open the Key Manager. Go to the Key menu and select Create New Key.

2. Select Put the request in a file that you will send to an authority. Enter a file and path in the text box that you will remember.
   Example: C:\NewKeyRq.txt.
   Click Next.

3. Enter your key name as specified in the previous step. Enter and confirm a password.

   Warning: If you lose the password, you must purchase another certificate.

   Certificate Replacement Policy

4. When creating a CSR you must follow these conventions.
   Enter the Distinguished Name Field information.
   The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?&amp;.

   Distinguished Name Field Explanation

   Common Name

   The fully qualified domain name for your web server. This must be an exact match.
   example: If you intend to secure the URL https://www.geotrust.com, then your CSR's common name must be www.geotrust.com.

   Organization

   The exact legal name of your organization. Do not abbreviate your organization name.
   example: GeoTrust Inc.

   Organization Unit

   Section of the organization
   example: Marketing

   City or Locality

   The city where your organization is legally located.
   example: Atlanta

   State/Province

   The state or province where your organization is legally located. Can not be abbreviated.
   example: Georgia

   Country

   The two-letter ISO abbreviation for your country.
   example: US = United States

   Administrator Name

   Contact Name
   example: John Smith

   Email Address

   Contact Email
   example: john.smith@geotrust.com

   Phone Number

   Contact Phone
   example: 555-555-1212

5. After you close out of the key manager, click on Yes to Commit all Changes.

   Warning: If you do not click yes, your private key will not be saved and your certificate from GeoTrust will not install.

6. Submit your CSR to GeoTrust by clicking on Continue, you will be asked to complete the agreement and the enrollment form as well.
   Note: Remember to back up your key pair file.

The Server Gated Cryptographic extension can be enabled or disabled from the registry.

Check the registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\SecurityProviders\ SCHANNEL

By default, there is no value or key for EnableSGC. You have to add it in order to support SGC, and you would set the value to 1 - that is, you would create a new key "EnableSGC" and set its value to 1. If the "EnableSGC" key already exists, just set EnableSGC=0.

See also the following Microsoft articles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q234271 http://support.microsoft.com/default.aspx?scid=kb;en-us;Q194889 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239449 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q249863

Certificate Replacement Policy

GeoTrust will replace, revoke, and refund certificates that have been issued within seven (7) days of the certificate issue date. If you need a new certificate after seven days, you will be responsible for purchasing a new server certificate.