How to generate a CSR


Sometimes you may need to request a new certificate or renew an existing one, and your Certificate Authority (CA) will ask for a Certificate Signing Request (CSR) file in order to issue it. This article describes how to generate a CSR using the Internet Information Services (IIS) Manager on a Windows operating system or using OpenSSL on a Linux distribution.


After completing this how-to you will have two files: one containing a private key, which you should keep in a safe location, and another containing a CSR, which you should send to your CA.

Windows Operating System

First Step

  1. Begin by opening the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager;
  2. On the Connections left panel, click on the server name;

  3. On the center panel, double-click Server Certificates in the Security section (it is near the bottom of the menu);

  4. Next, on the Actions panel (on the right), click on Create Certificate Request. This will open the Request Certificate Wizard;

  5. In the Distinguished Name Properties window, enter your company information. Click Next;

  6. In the Cryptographic Service Provider Properties window select Microsoft RSA SChannel Cryptographic Provider and select 2048 for Bit length. Click Next;

  7. In the File Name window, enter a filename and path for the CSR file. The CSR file will be created at this location. Click Finish;

  8. Back up the private key:
    1. Open Microsoft Management Console (MMC);
    2. On the File menu, select the option Add/Remove Snap-in;
    3. From the Available snap-ins, select Certificates and click Add>;
      1. Select Computer Account, click Next and then pick Local Computer. Click Finish;
    4. Click OK;
    5. On the left panel, select the folder Console Root > Certificates > Certificate Enrollment Requests;
    6. Right-click on your certificate and choose All Tasks > Export;
    7. Leave the default settings selected and click Next;
    8. Set a password on the private key backup file and click Next;
    9. Click on Browse, select a location where you want to save the private key backup file, and then click Next to continue. By default, the file will be saved with a .pfx extension;
    10. Click Finish to complete the export process.

Second Step

You can now send the CSR file to your Certificate Authority.

Third Step

Complete the Certificate Request

When you have the certificate provided by the CA, you need to install it.

  1. Open the Internet Information Services (IIS) Manager on the same server where you created the CSR file;
  2. On the Connections left panel, click on the server name;

  3. On the center panel, double-click Server Certificates in the Security section (it is near the bottom of the menu);

  4. Next, on the Actions panel (on the right), click on Complete Certificate Request.

  5. Select the certificate file and set the Common name to be the same as the Friendly name you set before. Click OK.

Export the Certificate

Exporting/Backing Up to a .pfx File

  1. On the Start menu click Run and then type mmc.
  2. Click File > Add/Remove Snap-in.
  3. Click Certificates > Add.
  4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
  5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  6. Right-click on the certificate you want to back up and select All Tasks > Export.
  7. Choose Yes, export the private key, and include all certificates in the certificate path if possible.
    Warning: Do not select the delete private key option.
  8. Leave the default settings and then enter your password.
  9. Choose to save the file and then click Finish. You should receive an "export successful" message. The .pfx file is now saved to the location you selected.

Linux Operating System

You can use OpenSSL to generate a Certificate Signing Request (CSR).

  1. Open a terminal and browse to a folder where you would like to generate your key pair.
  2. Input the openssl command with the following arguments to generate the private key and CSR request:

| Field | Example |
|---|---|
| Country Name | US (2 Letter Code) |
| State or Province | Texas (Full State Name) |
| Locality | Dallas (Full City name) |
| Organization | Example Inc (Entity's Legal Name) |
| Organizational Unit | IT (Optional, e.g. a department) |
| Common Name | * (Domain or Entity name) |


You should now have a Private Key (privatekey.key) in PEM format, which should stay on your computer, and a Certificate Signing Request (CSR.csr), which can be submitted to a Certificate Authority (CA) to sign your public key.
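
One OpenSSL invocation that produces the two files named above and then checks that the CSR really belongs to the key, shown as an added example rather than this article's own command. Assumptions: a 2048-bit RSA key (mirroring the Windows steps), subject values from the example table, the Common Name passed as the first argument, and the helper names `generate_csr`, `verify_csr` and `csr_subject`, which are made up for this sketch.

```shell
#!/bin/sh
# Added example, not the article's own command. Assumptions: RSA 2048 as in
# the Windows steps; subject values from the example table; CN given as $1.
set -eu

# generate_csr KEY CSR SUBJECT: create a new RSA key and a CSR for it.
generate_csr() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite existing key: $1" >&2
        return 1
    fi
    # umask is set in a subshell so only the owner can read the key file.
    # -nodes leaves the key unencrypted; drop it to be asked for a passphrase.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$1" -out "$2" -subj "$3" )
}

# verify_csr KEY CSR: succeed only if the CSR's self-signature is valid
# and the public key inside the CSR is the one derived from KEY.
verify_csr() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(openssl req -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$1" -pubout)" ]
}

# csr_subject CSR: print the subject the CA will see in the request.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Usage: sh make_csr.sh www.example.com   (run in the folder from step 1)
if [ "$#" -ge 1 ]; then
    generate_csr privatekey.key CSR.csr \
        "/C=US/ST=Texas/L=Dallas/O=Example Inc/OU=IT/CN=$1"
    verify_csr privatekey.key CSR.csr
    csr_subject CSR.csr
fi
```

Without `-subj`, `openssl req` prompts interactively for the fields listed in the table.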

For Cloud Infrastructures

Since you do not have access to the cloud servers, you'll need to follow the steps above on your own computer. Once you have completed these steps, if you wish to install the certificate in your OutSystems Platform Enterprise Cloud Infrastructure, please follow the steps described in the following article: Enable Custom SSL Domain In OutSystems PaaS