To generate a CSR, you will need to create a key pair for your server.
Generate a certificate signing request (CSR) file
1. Click Start > All Programs > Administrative Tools > Internet Services Manager (IIS) Manager
2. Double-click the Server Name > Web Sites folder
3. Under Web Sites, right-click the corresponding Web site you wish to secure
4. Click Directory Security tab
5. Under Secure communications, click Server Certificate
6. Select Create a new certificate
Note: If you are renewing an SSL certificate, select Renew the current certificate. This will generate a CSR based on the information of the certificate currently installed on the server.
7. Select Prepare the request now, but send it later
8. Enter a name for the certificate
9. Select a bit length for the certificate
10. Do not check the box for Select cryptographic service provider (CSP) for this certificate
11. Complete the information requested by the IIS Certificate Wizard to create a private key that is stored locally on your server and a Certificate Signing Request that you will use during the enrollment process. The Wizard will prompt for the following X.509 attributes of the certificate:
Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Corporationn would be XYZ Corportation or XY and Corporationon.
Organizational Unit (OU): This field is the name of the department or organization unit making the request.
Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
12. Click Finish to exit the IIS Certificate Wizard. A CSR file has been generated.
Note: Upon completing the Certificate Wizard, it is important to leave the request pending for successful certificate installation. Choosing the option to delete the pending request from the Certificate Wizard will prevent installation of the certificate that is returned.