We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

Create Certificate Request using SHA256 in IISRSS

6 replies

Last post Feb 10, 2017 09:59 AM by ger1820

  • Create Certificate Request using SHA256 in IIS

    Dec 09, 2014 09:00 AM|guilac|LINK

    I have a Windows 2012 R2 Server, with IIS8, and I updated my website to use HTTPS.

    I used the tools in IIS manager to generate the certificate ("Server certificates" -> "Create Certificate Request..."), and it was signed using SHA1 - and I had no option during the process to change this. It may be a problem in the future as SHA1 is about to be deprecated.

    Is there any plan to support SHA256 in IIS in a near future ?

  • Re: Create Certificate Request using SHA256 in IIS

    Dec 10, 2014 01:50 AM|lextm|LINK

    The generator included in IIS Manager is not the only way to create CSR. 

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/f9dfdf68-df16-45c6-a349-72b3129f97fc/how-to-generate-a-csr-in-iis-75-with-sha2-algorithm?forum=winserversecurity 

    Windows/IIS itself already supports SHA-2 certificates if you install them properly. Not sure when Microsoft will update IIS Manager.

    Lex Li
    Want to have a chat on the issues you meet? Book an appointment at https://buy.stripe.com/cN24ia0yi7sAdIA7sv
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Create Certificate Request using SHA256 in IIS

    Mar 06, 2015 02:49 AM|prasok|LINK

  • Re: Create Certificate Request using SHA256 in IIS

    Jan 17, 2016 09:59 AM|sanctions|LINK

    There is 2 ways to create SHA256 (SHA-2) in windows 

    1- OPenSSL

    2- windows Snap-in console
    The second method is very easy and works on all windows serevrs 2003, 2008 , 2012 and XP, 7 to 10
    RUN > MMC > FIle> Add Remove Snap -In... > Certificates > Add
    Personal> Certificates(right click)> All Tasks> Advanced Operations> Create custom request

    check this guide: 

    How to create SHA2 CSR on windows server
    http://day.ir/en-us/articles/ssl/create-csr-sha2-algorithm

    sha256

  • Re: Create Certificate Request using SHA256 in IIS

    Jan 11, 2017 02:30 PM|CharlieTech|LINK

    using option 2 - how would you then import / complete the request in windows... say to use the certificate for a web application in IIS ?

  • Re: Create Certificate Request using SHA256 in IIS

    Feb 02, 2017 04:49 PM|Garethnet|LINK

    You can complete the request using IIS Manager at that point as I have successfully just done that. You can then edit the bindings to use the new certificate.

  • Re: Create Certificate Request using SHA256 in IIS

    Feb 10, 2017 09:59 AM|ger1820|LINK

    Hello Garethnet,

    I have a .csr now which i want to complete \ sign so i have a .cer certificate i can use.

    How did you do that within IIS ?

    thanks in advance

    gr gerard