How to Generate a CSR Code Using IIS?

⚠️ The CSR must be generated on the same server where your website is hosted. A CSR created on a different server will cause a mismatch when you try to install the certificate.

View SSL Certificates

Don't have an SSL certificate yet? Browse Atak Domain's SSL options.

View SSL Certificates →

Quick Steps: Generate a CSR in IIS

Step 1 - Open IIS Manager

Click the Windows Start button or the Search bar, type "IIS" or "inetmgr", and click Internet Information Services (IIS) Manager from the results.

Step 2 - Open Server Certificates

In IIS Manager, click your server name in the left panel. On the main panel, double-click the "Server Certificates" icon.

Step 3 - Create a New Certificate Request

In the Actions panel on the right side of the screen, click "Create Certificate Request..." to launch the CSR wizard.

Step 4 - Enter Your Distinguished Name Properties

A window titled "Distinguished Name Properties" will appear. Fill in each field carefully:

Once all fields are filled in, click "Next" to continue.

Step 5 - Set the Cryptographic Provider and Bit Length

Leave the Cryptographic service provider set to its default: Microsoft RSA SChannel Cryptographic Provider. Do not change this.

For Bit length, the default may show 1024. Change it to 2048 or higher - this is the minimum key size accepted by modern certificate authorities. Then click "Next."

Step 6 - Choose a Save Location

Click the "..." (browse) button to choose where to save your CSR file. We recommend saving it to the Desktop for easy access. Once you've selected a path, click "Finish" to generate the CSR.

Step 7 - View Your CSR Code

Navigate to the save location you selected and open the .txt file with Notepad. Your CSR code will look like this:

-----BEGIN CERTIFICATE REQUEST-----
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYT...
-----END CERTIFICATE REQUEST-----

Step 8 - Verify Your CSR Code

Before submitting your CSR for SSL activation, verify it is correctly formatted. Paste the full code into the Atak Domain CSR Decoder at atakdomain.com/en/csr-decoder and confirm all the details match what you entered.

If any detail is wrong, you can generate a new CSR from the same server and start again - the process is identical.

What to Do Next

Once you have your CSR code, follow these steps to complete the SSL setup:

Need an SSL certificate? Atak Domain offers DV, OV, EV and Wildcard SSL with free installation support.

Frequently Asked Questions

Q: What is a CSR?

A: A CSR (Certificate Signing Request) is an encrypted block of text generated on your server. It contains your domain name, organization details, and your server's public key. The certificate authority uses it to issue an SSL certificate that's specific to your domain.

Q: Why must the CSR be generated on the same server as the website?

A: The CSR generation process creates two keys: a public key (included in the CSR) and a private key (stored on the server). These must match. If you generate the CSR on a different server, the private key won't be present when you try to install the certificate, and the installation will fail.

Q: How do I enter the Common Name for a Wildcard SSL certificate?

A: For a Wildcard SSL certificate, enter *.yourdomain.com as the Common Name. This covers the root domain and all first-level subdomains (e.g. www, mail, shop).

Q: What should I do after generating the CSR?

A: Copy the full CSR code (including the dashes), verify it at atakdomain.com/en/csr-decoder, then submit it when activating your SSL certificate. Once the certificate is issued, use the IIS SSL Installation guide to complete the setup.

Q: How do I verify my CSR?

A: Paste the full CSR code into the Atak Domain CSR Decoder at atakdomain.com/en/csr-decoder. It will decode the CSR and display the details you entered, so you can confirm everything is correct before submitting.

Q: What is the CSR Decoder?

A: The CSR Decoder is a free tool that reads an encoded CSR and displays its contents in plain text - domain name, organization, country, and key size. It's useful for catching errors before SSL activation.

Q: What should I do if my CSR is incorrect?

A: Generate a new CSR on the same server, following the same steps. There's no limit to how many times you can generate a CSR. Just make sure to use the new CSR code when submitting for activation.

Q: Which versions of IIS does this guide cover?

A: The steps in this guide work identically on all versions of IIS that run on Windows Server, including IIS 5.x, 6.x, 7.x, 8.x, 10, and later. The IIS Manager interface is consistent across versions for CSR generation.

Summary

CSR generation in IIS takes under five minutes. Open IIS Manager, go to Server Certificates, create a new certificate request, fill in your domain details, set the bit length to 2048 or higher, save the file, and verify the output with the CSR Decoder before submitting.

The most important thing to remember: always generate the CSR on the server where your website is hosted. Doing it on a different machine will prevent the certificate from installing correctly.

Ready to activate your SSL? Browse Atak Domain's SSL certificate options.