The Steps Involved In Generating The CSR For A PKI Certificate In Windows 2012

As a user-friendly option in a server, it is no wonder that Windows 2012 is a top pick by both IT professionals as well as those new to the world of ecommerce, website security and managing multiple domains and subdomains.

It is important to realize that the Windows 2012 server does a lot of things automatically through the Internet Information Services (IIS) Manager. For those looking for a simple and streamlined process the number of screens and clicks can be frustrating, which is why we offer a few different products, including our Comodo Certificate Manager and Enterprise Public Key Infrastructure Manager for businesses where there may be hundreds of SSL/TLS (Secure Sockets Layer/Transport Layer Security) products to manage and maintain.

To get started, as with all server platforms, the first step in obtaining any digital certificate for a domain or subdomain is to start with a Certificate Signing Request (CSR). And, just like with all servers and all Certificate Signing Requests, it is critical do this on the server you wish to install the PKI certificate. Windows 2012 will allow for the export and subsequent import of the SSL/TLS product into other servers, but the Certificate Signing Request has to match the server where the cert will be installed.

Generating the CSR

The CSR is more than just an application for a PKI certificate for Windows 2012 servers. While it does form an essential part of the application, it is also the document that the Certificate Authority (CA) uses to validate or verify the information you provide.

The CSR is a block of code or encrypted text that your server creates. Some of the information you will provide and some is generated by the server itself. This is why it is so important to use the specific server for the PKI certificate for Windows 2012 that the domain you wish to secure.

The manual entry component to the CSR for the PKI certificate for Windows 2012 will include the Fully Qualified Domain Name (what you type in the web browser to get to the site).

You will also add the legal name of the business, individual or organization, the unit of the organization applying for the cert and the geographic information for the business. This will include the city, state and country. Additionally, you will need to include a valid email address. This is often the IT administrator or the website owner or manager.

The automatically generated part of the Certificate Signing Request will be one of the keys needed for Public Key Cryptography. This will be the public key. This Public Key Infrastructure allows for the encrypting and decrypting of information by the public key and a private key.

At the same time as the public key is generated and added to the Certificate Signing Request, there is also a private key that is generated. This private key is not included in the CSR and is never shared. However, the public and the private key are mathematically related to allow them to be able to encrypt and decrypt online the data from the other key.

With Windows 2012

Generating the Certificate Signing Request for the PKI certificate for Windows 2012 is done through the IIS Manager. Locate the icon from the server home panel that says Server Certificates.

This will load a new screen, click on the Create Certificate Request on the right hand side of the screen under Actions. Click on this and Request Certificate form will be displayed. This is where you will fill the information about your company, location and the Common Name (Fully Qualified Domain Name) for the site.

Next, you will be asked to enter the bit length for the for the encryption key. Standards now recommend a 2048 bit length, but it is possible to have a higher bit key. This can sometimes slow down a server as it uses more resources.

Click Next and then designated the file name. This will then be sent to our team at Comodo through the application for the specific SSL/TLS product you request. We will have the files ready for you in a zip file in just minutes, so you can quickly complete the install.

If you need assistance in selecting the best match in a PKI certificate for your needs, give us a call at +1 888 266 6361. You are also welcome to contact us through the website at or check out our knowledgebase for more info.

Related Articles
Back to TOP