Purchasing an SSL certificate from a third-party provider

Winhost > SSL

What Is a CSR and Why Do I Need One?

A CSR (Certificate Signing Request) is a small file you generate on your computer. Think of it like a job application form. It contains information about your website and your company. When you want to buy an SSL certificate from a third-party provider (like GoDaddy, Namecheap, or another CA), they need this file from you in order to create your certificate.

 

Once they have your CSR, they will verify your information and issue your SSL certificate. You will then need to install that certificate. This guide walks you through the whole process, step by step.

 

What You Will Need Before You Start

  • A Windows computer (Windows 10 or Windows 11 is fine).
  • IIS (Internet Information Services) — this is a free feature that comes with Windows. It is not turned on by default, but we will show you how to turn it on below.
  • The domain name you want to secure (for example, www.yoursite.com).
  • Basic information about your company (name, city, state, country).

 

Step 1 — Turn On IIS (If You Have Not Already)

IIS is a built-in Windows feature that is usually turned off. Here is how to turn it on:

 

  1. Click the Start button (the Windows logo in the bottom-left corner of your screen).
  2. Type Turn Windows features on or off and click on it when it appears.

 

 

  1. In the list that appears, look for Internet Information Services. Check the box next to it.
  2. Click OK and wait for Windows to finish. This may take a couple of minutes.

 

 

Tip: If the box next to Internet Information Services is already checked, IIS is already installed and you can skip to Step 2.

 

Step 2 — Open IIS Manager

  1. Click the Start button and type IIS or Internet Information Services Manager.
  2. Click on Internet Information Services (IIS) Manager to open it.

 

Step 3 — Create the Certificate Request (CSR)

This is where you generate the CSR file that you will send to the SSL certificate provider.

 

  1. In IIS Manager, look at the left-hand side panel. Click on your computer's name (it will be at the very top of the list).
  2. In the middle section, look for an icon called Server Certificates. Double-click on it.

 

  1. On the right-hand side, click Create Certificate Request... A window will open asking for your information.

 

 

Fill in each field as follows (do not worry — it is just basic information about you and your website):

 

Field

What to Enter

Common Name

The full domain name you want to secure. Example: www.yoursite.com. If you want a Wildcard certificate that covers all subdomains, use *.yoursite.com.

Organization

The legal name of your business or organization. If you are an individual, you can use your full name.

Organizational Unit

The department handling this. If you are unsure, you can type IT or just your company name again.

City / Locality

The city where your organization is located.

State / Province

Your state or province. Spell it out fully (example: California, not CA).

Country

The two-letter country code. For the United States, enter US.

 

 

  1. Click Next. On the next screen, you will see a Cryptographic Service Provider and a Bit Length. Leave these settings as they are (the defaults are fine) and click Next again.
  2. On the last screen, you will be asked to save the file. Click the ... button to choose where to save it. Save it somewhere easy to find, such as your Desktop. Name it something you will recognize, like mysite_csr.txt.
  3. Click Finish. Your CSR file has been created and saved!

 

 

Tip: Do not delete or move this file after you save it. You will need it in the next step, and IIS will also need to find it later when completing the certificate installation.

 

Step 4 — Submit Your CSR to Your SSL Provider

Now that you have your CSR file, it is time to purchase your SSL certificate from a third-party provider (such as GoDaddy, Namecheap, Comodo, or any other provider of your choice).

 

  1. Open the CSR file you saved in the previous step. You can do this by right-clicking the file and selecting Open with > Notepad.
  2. You will see a block of text that starts with -----BEGIN CERTIFICATE REQUEST----- and ends with -----END CERTIFICATE REQUEST-----. Select all of this text and copy it (Ctrl + A, then Ctrl + C).
  3. Go to your SSL provider's website and start the SSL certificate purchase process. When they ask for your CSR, paste the text you copied into the box they provide.
  4. Complete the purchase and follow any verification steps your provider requires. They will email you when your certificate is ready.

 

Note: Every SSL provider is a little different. If you are not sure where to paste the CSR, look for a step in their checkout or order process labeled 'Enter CSR' or 'Configure Certificate'.

 

Step 5 — Complete the Certificate Installation in IIS

Once your SSL provider emails you the certificate, you will need to complete the installation in IIS. This connects the certificate to the request you made earlier.

 

  1. Save the certificate file your provider sent you to your computer (usually a .crt or .cer file).
  2. Open IIS Manager again and go back to Server Certificates (same as Step 2).
  3. On the right-hand side, click Complete Certificate Request...
  4. Click the ... button to browse to the certificate file you saved. Give it a friendly name you will recognize (for example, MySiteSSL) and click OK.

 

 

Your certificate is now installed in IIS. The next step is to export it as a PFX file so you can upload it to Winhost.

 

Step 6 — Export the Certificate as a PFX File

Winhost needs the certificate in a specific format called PFX (also known as PKCS#12). This file bundles your certificate together with its private key. Here is how to export it:

 

  1. In IIS Manager, go back to Server Certificates. Find the certificate you just installed in the list.
  2. Click on it once to select it, then on the right-hand side click Export...
  3. Choose where to save the file and give it a name (for example, mysite_certificate.pfx). You will also be asked to create a password — write this down, as you will need it when uploading to Winhost.
  4. Click OK. Your PFX file is now saved on your computer.

 

 

Step 7 — Upload the PFX to Winhost

The last step is to upload your PFX file to the Winhost Control Panel so it can be installed on your site.

 

  1. Log in to your Winhost Control Panel and go to Sites > [your domain] > SSL Manager.
  2. Click Upload PFX.
  3. Browse for the PFX file you exported in Step 6 and enter the password you created for it.
  4. Click Upload to install the certificate on your site. That's it!

 

 

 

Note: After your certificate is installed, remember to set up a forced HTTPS redirect so visitors always use the secure version of your site. See the Force HTTPS with URL Rewrite knowledge base article for instructions.

 

Note: If you run into any trouble at any step, contact Winhost Support. Have your domain name and the step number from this guide ready — it will help us assist you faster.

 

Article ID: 1777, , Modified: 3/13/2026 at 4:16 PM

Was this article helpful?

Share this article
Bluesky
Facebook
Threads
X / Twitter
Other Social Networks
Print