Jul 08, 2019 How to generate a CSR code on IIS8. July 8, 2019. Find the Actions section in the right corner of the window and click on Create Certificate Request. As the cryptographic service provider. Starting from December 20, 2010, 1024-bit key length is considered insecure, so it is necessary to select 2048- or 4096-bit length. You might have seen some older documentation that mentioned a 4096 bit key. Please use the newest docs for support info and command lines to create a CSR. I got a few tips to help you troubleshoot your issue: 1. A simple way to know if the file generated is using 1024 or 2048 or higher key size is by looking at the first few characters of the CSR File. In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next. Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility. Overview: We are going to first create a dummy site in IIS, generate a new CSR request for the dummy site using a 2048-bit key, install a new certificate on the dummy site, and then replace the expiring certificate on your real site with the new 2048-bit key/certificate from the dummy site.
In order to generate a CSR code on a Windows server or your Windows desktop through IIS 8, please follow the next steps:
- Open Internet Information Services (IIS) Manager from the Start menu, or by pressing Win+R, then typing inetmgr and clicking Ok. The instructions on how to enable IIS on the desktop are shown here.
- Double-click on the Server Certificates icon in the section for the required server:
![Generate Csr With 2048 Bit Key Generate Csr With 2048 Bit Key](https://ztabox.com/en/img/knowledgebase/10/csrcwp1.png)
3. In the new window, find the Actions section in the right corner of the window and click on Create Certificate Request… to open the Request Certificate wizard:
2048 Bit Encryption
4. Another new window will appear where it is necessary to enter Distinguished Name Properties (domain name and your contact details for the certificate request) . Every field should be filled only with alphanumeric characters and cannot be empty. The descriptions are explained below:
- Common name – fully qualified domain name you wish to secure with the SSL certificate, for example, domain.com or www.domain.com. For the wildcard certificate, put an asterisk in front of the domain name so that it looks like *.domain.com;
- Organization – full name of the officially registered company, or you can just put NA;
- Organization unit – specific department of the company provided above; can be specified as NA too;
- City/locality – full name of the city or town;
- State/province – full name of the state or province. If you do not have one, just put your city or town name;
- Country/region – two-letter country code from the drop-down.
5. Click Next and a new screen will appear. Select Microsoft RSA SChannel Cryptographic Provider as the cryptographic service provider. Starting from December 20, 2010, 1024-bit key length is considered insecure, so it is necessary to select 2048- or 4096-bit length:
Generate Csr With 2048 Bit Key Ring
6. In the next window, provide the name of the certificate request file and location where it should be saved. You can either type it manually, or click on the “…” button to select the destination:
![Bit Bit](https://cloud.netlifyusercontent.com/assets/344dbf88-fdf9-42bb-adb4-46f01eedd629/cffcc824-bc88-4b4e-ba6f-f207eec898e9/cpanel-private-key-confirmation-large-opt.png)
7. Click Finish to complete the generation. Now you can find the text file with the CSR code in the selected folder. You need to copy the whole contents along with the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– lines and paste the code in the corresponding box during activation. Note: Before activating the certificate, you can check if the CSR code is generated correctly via this online tool .