**<WRAP centeralign><fs 1.8em><color #0065cd> USING MICROSOFT IIS TO GENERATE CSR AND PRIVATE KEY </color></fs></WRAP>**

----

**<WRAP leftalign><fs 1.2em> Generate a CSR in Microsoft IIS 7 </fs></WRAP>**

1. Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager. \\ 
2. Click on the server name. \\ 
3. From the center menu, double-click the “Server Certificates” button in the “Security” section (it is near the bottom of the menu). \\ 

{{:home:knowledge_base:webstation:website:iis:generate_a_csr_3.png?direct 500|}}

4.  Next, from the “Actions” menu (on the right), click on “Create Certificate Request.” This will open the Request Certificate wizard.

{{:home:knowledge_base:webstation:website:iis:generate_a_csr_4.png?direct 500|}}

5. In the “Distinguished Name Properties” window, enter the information as follows:

  * **Common Name** – The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com).
  * **Organization** – The legally registered name of your organization/company.
  * **Organizational unit** – The name of your department within the organization (frequently this entry will be listed as “IT,” “Web Security,” or is simply left blank).
  * **City/locality** – The city in which your organization is located.
  * **State/province** – The state in which your organization is located.

{{:home:knowledge_base:webstation:website:iis:generate_a_csr_5.png?direct 500|}}

6. Click Next. \\ 
7. In the “Cryptographic Service Provider Properties” window, leave both settings at their defaults (Microsoft RSA SChannel and 2048) and then click next.

{{:home:knowledge_base:webstation:website:iis:generate_a_csr_7.png?direct 500|}}

8. Enter a filename for your CSR file. \\ 
9. Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted.

{{:home:knowledge_base:webstation:website:iis:generate_a_csr_9.png?direct 500|}}

**<WRAP leftalign><fs 1.2em> Back Up Private Key </fs></WRAP>**
1. From your server, go to Start > Run and enter mmc in the text box. Click on the **OK** button. \\ 
2. From the Microsoft Management Console (MMC) menu bar, select Console > **Add/Remove Snap-in**. \\ 
3. Click on the Add button. Select Certificates from the list of snap-ins and then click on the **Add** button. \\ 

{{:home:knowledge_base:webstation:website:iis:backup_private_key_3.png?direct 500|}}

4. Select the Computer account option. Click on the **Next** button. \\ 
5. Select the **Local computer** (the computer this console is running on) option. Click on the **Finish** button. \\ 
6. Click on the **Close**  button on the snap-in list window. Click on the **OK** button on the Add/Remove Snap-in window. \\ 
7. Click on Certificates from the left pane. Look for a folder called **REQUEST** or “**Certificate Enrollment Request> Certificates** \\ 

{{:home:knowledge_base:webstation:website:iis:backup_private_key_7.png?direct 500|}}

8. Select the private key that you wish to backup. Right click on the file and choose > **All Tasks > Export**  

{{:home:knowledge_base:webstation:website:iis:backup_private_key_8.png?direct 500|}}

9. The certificate export wizard will start, please click  **Next ** to continue. In the next window select **Yes, export the private key** and click **Next** \\ 
10. Leave the default settings selected and click **Next**.

{{:home:knowledge_base:webstation:website:iis:backup_private_key_10.png?direct 500|}}

11. Set a password on the private key backup file and click  **Next** \\ 
12.  Click on **Browse** and select a location where you want to save the private key Backup file to and then click **Next ** to continue. By default the file will be saved with a .pfx extension. \\ 
13. Click  **Finish**, to complete the export process 


**<WRAP leftalign><fs 1.2em> Convert to RSA Private Key Format </fs></WRAP>**

The private key is backed up as a ‘.pfx’ file, which stands for Personal Information Exchange. \\ 
To convert it to RSA Private Key format supported by inSync: \\ 
1. Download and install latest version of OpenSSL for windows from   http://www.slproweb.com/products/Win32OpenSSL.html. \\ 

<WRAP info>**Note:** OpenSSL requires [[https://www.microsoft.com/en-us/download/|Visual C++ 2008 Redistributables]] which can be downloaded from the same website.</WRAP>

2. Open command prompt, navigate to **C:\OpenSSL-Win32\bin>**, and run the following commands.

<code>
Set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cfg 
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out myserver.key
</code>

3. The private key will be saved as ‘myserver.key’. \\ 
4. Carefully protect the private key. Be sure to backup the private key, as there is no means to recover it, should it be lost. \\ 


Credits:[[https://docs.druva.com/Knowledge_Base/inSync/How_To/Using_Microsoft_IIS_to_generate_CSR_and_Private_Key|Druva]]