Welcome to deBUG.to Community where you can ask questions and receive answers from Microsoft MVPs and other experts in our community.
1 like 0 dislike
in Blog Post by 8 19 25
edited by

To keep your website traffic secure by encrypting the information that is sent to or from your website. You need to get an SSL certificate and you must create a certificate signing request (CSR).

What is CSR?

The CSR is a message sent from an applicant to a certificate authority (CA) of the public key infrastructure to apply for a digital identity certificate.

  • The CSR contains data that the certificate authority (CA) will need to create your certificate, such as your common name, organization, city, state, and region.
  • The CSR also contains your public key and signature to verify your identity and secure communications of your site.

CSR Properties

How to create CSR?

Creating the CSR depends on the platform you’re using. we will walk you through the steps to build a CSR while using IIS.


  1. In the server that you want to generate the CSR, Open IIS.


If IIS is not installed, you have to check How to install IIS in Windows 11?

  1. The IIS should be now opening as shown below

  1. Now, Click on the "Server Certificates".

  1. Then, Click "Create a certificate request".

  1. Fill out all fields
  • Common name: Site domain name. Ex: if your domain site is debug.to, you have to add it exactly with the same domain name in the "Common Name" field.
  • Organization: Company's registered name. Ex: "debug"
  • Organizational unit: Company's shortcut name or department name. Ex: "IT".
  • City/ locality: City where company is located.       
  • State/province: State/province where company is located.
  • Country/region: Country where company is located.


  1. Select the "Cryptographic service provider" and choose the "Bit length" as below.


  1. Then, specify where you want to save the CSR file.

  1. Click finish, and the CSR file will be created in Base-64 format.

What should you do after creating the CSR?

  1. Once the CSR has been created, you have to send the CSR file to the security team in your organization.
  2. The security team will submit the CSR to the Certificate Authority which will use the CSR request to create an SSL/TLS certificate for your website.
  3. After the SSL/TLS certificate is created, you will receive three certificates file with .cer or .crt extension for trusted root, intermediate, and personal.

To install the certificates follow the mentioned steps at How to install SSL/TLS certificate?

Trusted Root Intermediate Vs personal Certificate

Now, leat's have an over view abour each kind of certificate:

  • Trusted root certificate: It is a self-signed certificate, that is a public-key certificate whose digital signature may be verified by the public key contained within the certificate. it forms the foundation of the certificate chain.

  • Intermediate certificate: It is a cross-signed certificate that creates alternate trusted paths to the personal certificate and provides an additional level of security.

  • Personal certificate: It used to identify the client and authenticating site owners, and inform that the interaction with the website is secure and that the website accurately represents who they claim to be.

Ref: DigiCert.

If you don’t ask, the answer is always NO!