Step by Step Guide To Generate CSR For Wildcard SSL Certificate In IIS 7.
Wildcard SSL Certificate is a required SSL certificate for businesses who carry their business on subdomains and want to secure all of them under a single security solution. To get a wildcard certificate on the server, you need to first create a CSR and a private key. In this article, we will talk about CSR generation for a wildcard for Apache + Mod SSL + OpenSSL as well as the IIS platform. First, we will know how to create a private key in OpenSSL.
How to Create a Private key on OpenSSL?
OpenSSL is a free command-line tool for SSL and TLS protocols also used in general as a cryptographic library. OpenSSL should be installed on /usr/local/ssl/bin path.Before generating a private key, you should decide the key algorithm, size of a key, a passphrase (optional). Below is an example of a command used to generate a private key.
openssl genrsa -out private-key.pem 2048
The private key is now generated in your current directory naming private-key.pem where 2048-bit is key size. The generated key format would be PEM. When you do not keep a passphrase for a private key, you should keep restrictions to server access as only admin persons should have access to the server. A private key with a passphrase will look as follow.
opensslgenrsa -des3 -out .key 2048
However, you can use the below command to decode the private key.
openssl rsa -text -in private-key.pem -noout
A decoded private key will look like a gibberish raw of characters that you can see below the image.
How to create a CSR (certificate signing request) on OpenSSL?
After generating a private key, you should now generate a CSR on OpenSSL.
opensslreq -new -key .key -out .csr
NOTE: To directly access OpenSSL.cnf on the windows server, you can follow the below path.
opensslreq -new -key .key -config
“c:\Apache Software Foundation\Apache2.2\conf\openssl.cnf”-out .csr
Enter CSR Details:
After applying the OpenSSL command for CSR generation, it is time to enter CSR details.
- Common Name: It is an FQDN (Fully Qualified Domain Name) you want to add and secure with the certificate. For example, htttps://www.clickssl.net
- Organization: Here, you need to put your organization’s legal registered name.
- Organization Unit (OU): The department from which the SSL request has been made like HR, IT, etc.
- City or Locality: A city or locality where your business is located.
- State or Province: A state where an organization is incorporated.
- Country: A country in which an organization is legally incorporated. It should be a two-letter country code.
How To Generate CSR For Wildcard SSL Certificate In IIS 7?
Here, we have enumerated the CSR generation for the installation of Wildcard SSL on IIS 7.
IIS is an internet information server created by Microsoft for the use of the window. It supports HTTP, HTTPS, FTP, SMTP, and NNTP. It carries request filter, which rejects suspicious URL and thus reduces the attack. As we know, SSL certificates are the most trusted certificate all over the world.
Generate Certificate Signing Request (CSR)
Step #1: Open Internet Information Services (IIS) Manager and click on the name of the server in the connections column on the left and double-click on “Server Certificates”.
Step #2: Go to the right in the Actions column, click on “Create Certificate Request”.
Step #3: Enter all of the subsequent information about your company and the domain you are securing and then click “Next”.
Step #4: Allow the default Cryptographic Service Provider. Rise the Bit length to 2048 bit or higher. Click Next.
Step #5: Browse the filename to save the request certificate and click Finish. You will require that contents of this file to enroll an SSL Certificate.
Request Certificate from Certificate Provider
Now, you have certificate signing request (CSR). Choose your Wildcard SSL Certificate and provide company information to verify your identity.
|Comodo Positive SSL Wildcard||RapidSSL Wildcard||Comodo PositiveSSL Multi-Domain Wildcard|
|Our Cheapest Price||$45.00/yr.||$96.00/yr.||$90.00/yr.|
|Buy Now||Buy Now||Buy Now|
|Secure||Unlimited Subdomains||Unlimited Subdomains||Multiple Domains & Its All Subdomains|
|Issuance Time||10 Minutes||10 Minutes||10 Minutes|
|Key Encryption||2048 bits||2048 bits||2048 bits|
|Google Rankings Boost|
|Green Address Bar|
|SAN / UCC Support|
|Warranty By CA||USD $10,000||USD $10,000||USD $10,000|
|Refund Policy||30 days||30 days||30 days|
|Buy Now||Buy Now||Buy Now|
The certificate request process varies by Certificate Authority. Now, open the .txt file which contains the certificate request. Copy the encrypted certificate request and paste it in the appropriate field on the order form.
When you fulfill the certificate request form and endow it with payment, please check your email to get an SSL Certificate delivered by the certificate provider.
After generating your CSR, you will receive the certificate from the certificate vendor. Now you can proceed to install your certificate. Our next article will explain in detail How to Install Wildcard SSL Certificate in IIS 7.