Creating certificates in IIS

=====Create Certificate in IIS=====

1. Logon to T1Hi, remote desktop to the server you want to create a certificate.

2. Left click on the root server, all the available icons will show on the right hand side panel.

3. Under IIS, (at root site) double click on server certificate. => in right hand side panel click Create certificate request.

4. Fill out the certificate request form with the following information:

  • Common Name: the url of the site. Make sure you put dev- if it is for a test site.
  • Organization: WSU
  • Organization Unit: CAHNRS
  • City: Pullman
  • State: WA
  • Country: US

5 =>Next

  • Cryptographic Service provider properties: use default
  • Bit length: change to 2048

6. => Next

File name: CSR_YourApplicationName (CSR_dev_YourApplicationName for test site).

Click on ellipses and specify where you want to put the certificate. A good place to put the certificate is E:\htmldocs\YourApplicationName

=====Send generated certificate for approval=====

1. Logon to LastPass, search cert-manager.com

2. Launch cert-manager (In-Common Certificate Manager). Use the email and access code in cert-manager to sign in to In-Common.

3. Fill out the followings:

  • Certificate type: use default
  • Certificate Term: 3 years
  • Server Software: Microsoft IIS5x or later
  • CSR: copy and paste the certificate you saved in server E:\htmldocs\YourApplicationName
  • Common name: Your Application URL
  • Renew: auto renew 30 days before expiration The renewal password is in LastPass Certi-manager

On top part of the page, click the link to edit address detail. Remove Hulbert room 303.

4. Click Enroll to request the certificate.

You will receive email from Certificate Services Manager indicating your request is waiting for approval.

=====Attach Signed Certificate to Site=====

1. In a day or two (or same day if you are lucky) you will receive another email from Certificate Services Manager indicating your SSL certificate enrollment is successful and is ready. Open the email.

2. There are different formats of the certificate. Download the "X509 Certificate Only, Base 64 encoded: " version. Save the certificate in E:\htmldocs\YourApplicationName

3. Sign on to T1Hi, remote desktop to the server. In IIS (root site), right hand side panel click on Complete certificate request. Fill out the form.

  • File name containing the certificate authority's response: e:\htmldocs\YourApplicaitonName signed Certificate.
  • Friendly Name: Your Application Name (no dev- for test) Certificate will add to the server certificates.
  • Certificate store = personal

4. Right Click on site, edit binding =>Add=> Your application site

  • https:
  • ip:
  • port: 443
  • Host Name: url of the site
  • check on "Required server name indication"
  • select certificate

5. DONE