Logon to Windows Server, generate CSR File

Generating Certificate Signing Request (CSR) using CERTREQ command


Note: Alternatively, you can generate Certificate Signing Request using IIS Manager and MMC Certificate Snap-In (CERTREQ has been use in this case to definite further parameters that is required on the certificate itself).

  

1. Login to server where you need the certificate to be applied


2. Open notepad and create an INF file with the following information:



3. Save the file as certreq-info.inf.


4. Open command prompt as a local administrator and run the following command:


     certreq.exe -New “<path to>\certreq-info.inf”  “C:\certreq-request.req”


5. Rename the certificate-request.req file to .txt then open with notepad to see if you can view content.


6. Copy content of CSR to any online SSL certificate checker/decoder online to verify that the information you provided are correct and no issue on the certificate itself.


7. Send the certificate-request.txt to your trusted SSL certificate provider/vendor for processing.


8. Once you have the certificate from your provider, on the same server as you created the certificate, copy the certificate to the system root.


9. To install the certificate, use the following command:


     certreq.exe -Accept C:\<sslcertfilename>.cer


10. Open MMC Certificate Snap-In and verify your Certificate Enrolment Request is there and information are correct:



Logon to SSL Certificate Service Provider.


1. Purchase new Domain Validated (DV) SSL certificate. Select SSL Certificate type, for example RapidSSL single domain.


2. Upload CSR file generated from Windows Server.



           







3. Retrieve TXT Record




Logon to Domain Account to Add TXT Record

For example using GoodDaddy domain service provider, 


1. Select My Product 


2. Look for the Domain and select DNS


4. Select Add New Record.



The Time to Live (TTL) for a TXT record, which indicates how long a DNS server should cache the record. is often set between 1800 to 3600 seconds (30 minutes to 1 hour) for general purposes. Follow the recommendation from the SSL Certificate Service Provider. 



5. Check SSL Certificate status is Active



6. Download copy of the certificate with file type "individual .crt files with .cer extensions (zipped)"