First, generate certificate signing Request (CSR) in IIS
Personal understanding: The generation of a CSR is the creation of a "private/public key pair" from which the public key is extracted.
1. Open IIS Manager, select Server certificates in the root node, click the Create certificate Request on the right ..., and then fill in the corresponding distinguished Name Properties (see figure below).
Common name to fill in the domain name (if used for all level two domain name, fill *. domain name), organization company name, organizational unit to fill in the department name.
2. Select Microsoft RSA SChannel Cryptographic Provider in the cryptographic service Provider and select 2048 in bit length.
3. Select the save path for the build file, and when you are done, you will see the CSR content that begins with the "-----begin NEW Certificate REQUEST-----" in the generated TXT file. This is the next CSR to be used when generating the CA certificate in the CA institution.
Ii. Purchase and create CA certificate from CA organization
Here to GoDaddy as an example.
1. Open GoDaddy.com Web site, through the menu to enter the products-> ssl&security-> SSL certificates, select Protect all subdomains ("wildcard"), In pick your plan type, select Standard (validates domain ownership) and complete the purchase.
2. Enter my account-> SSL certificates, create a certificate (certificate), and copy the previously obtained CSR content to the CSR text box at the time of creation.
3. Access to enter the approval process of GoDaddy, in the approval process needs to verify the owner of the Domain name (DNS fill in records or upload HTML files to the site directory), the success of the validation will soon be generated CA certificate.
4. Download the CA certificate file to the server that generated the CSR.