Certificate authority needs information to verify the applicant before issuing certificate. In Public Key Infrastructure (PKI), an applicant provides CSR (Certificate Signing Request) to the certificate provider to get a digital identity certificate. The CSR contains public key and private key, which should be generated by the applicant. The CSR must occupy the information required by the certificate authority: Distinguished name, Business name, Town, Department name, country, region, generic email address. To identify the server name for which a certificate request is made, the CSR also includes fully qualified host name of the server. To verify the CSR, an applicant must provide the hostname and key size. According to latest encryption standard, the length of CSR key is 2048-bit or higher.
For the first step lets open Internet Information Services (IIS) Manager and click on the name of the server in the connections column on the left and double-click on “Server Certificates”. (Click on the Image for a full size view)
Next we’re going to enter all of the information about your company and the domain you are securing and then click “Next”.
If this is going to be a wildcard certificate, make sure to put the *.
Use the default Cryptographic Service Provider and make sure you use 2048 bit or higher, then click Next.
Browse the filename to save the request certificate and click Finish. You will require that contents of this file to enroll an SSL Certificate.