Monday, February 18, 2008

Generating a Certificate Request File Using the Certificate Wizard in IIS

The first step you will need to perform to get a server certificate is creating the request file. To generate a new certificate request perform the following steps:

NOTE: The certificate request fails if it contains non-alphanumeric characters.

NOTE: Between creating the request file and installing the certificate, do NOT perform any of the following actions:

· Change the computer name or Web site bindings.

· Apply service packs or security patches.

· Change encryption levels (that is, apply the high encryption pack).

· Delete the pending certificate request.

· Change any of the Web site's Secure Communications properties.

1. Open the Internet Services Manager (or your custom MMC containing the IIS snap-in).

2. Browse to the site where you want to enable secure communications.

3. Right-click the friendly name of the site and go to properties.

4. Click the Directory Security tab.

5. Under the Secure Communications section, click Server Certificate.

6. This starts the new Web Site Certificate Wizard.

7. Click Next.

8. Choose the Create a New Certificate option and click Next (there should be a slight pause before the next screen appears).

9. Choose the Prepare a New Request but Send it Later option and click Next.

NOTE: The Send the request immediately to an online certification authority option is unavailable unless IIS has access to an Enterprise CA, which requires Certificate Server 2.0 to be installed in Microsoft Windows 2000 with Active Directory.

10. Choose a Friendly Name for the site (this can be anything you want it to be, for example, the friendly name of the site in the MMC, or the name of the customer the Web site belongs to).

11. Choose the bit length of the key you want to use and whether you want to use SGC (Server Gated Cryptography), and then click Next.

NOTE: For more information on bit length and SGC, see the IIS Help that is located on the server at the following address:

http:///iishelp/iis/htm/core/iistesc.htm

Note that for this URL to work, you must fill in the name of your IIS server as the host name in the address.

12. Input your Organization (O) and your Organizational Unit (OU). For example, if your company is called Widgets and you are setting up a Web server for the Sales department, you would enter Widgets for the Organization and Sales for your Organizational Unit. Click Next when complete.

13. Input the common name (CN) for your site. This should be the same name that the user will input when requesting your Web site.

For example, if a user inputs http://www.widgets.microsoft.com to access your Web site, then your Common Name would be www.widgets.microsoft.com. When you are complete, click Next.

14. Input your Country/Region, City, and State. It is very important that you do not abbreviate the names of the state or city. When complete, click Next.

15. Enter the contact information for the person responsible for this certificate or Web site (this is usually how the Certificate Authority contacts you), and then click Next.

16. Choose a name for the certificate request file you are about to create. This file will contain all the information you entered here, as well as the public key for your site. You can browse to choose the file's location and name if you want. The wizard writes a .txt file; the default name is Certreq.txt. When you have finished this step, click Next.

17. You will now be presented with a summary screen of all the information you entered. Make sure all this information is correct, and then click Next.

18. You have now created your certificate request file.
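As an added example (not part of the original article and not a Microsoft tool), the following Python script reads a Certreq.txt of the kind step 16 produces, pulls out the subject fields from steps 12 to 14 and the RSA key length from step 11, and checks them against the rules stated above: the CN must be the name users type, the other fields must be alphanumeric, and the state must not be abbreviated. Because a real request cannot be shipped with the article, the script also constructs a sample request inline with a small DER encoder; that sample's key and signature are placeholders, the state and city values are made up, and the decisions to tolerate spaces and to exempt the CN (hostnames contain dots) from the alphanumeric rule are my reading of the note, not something the article states.

```python
"""Read the Certreq.txt the IIS wizard writes (base64 PKCS#10), stdlib only.
Added example, not Microsoft code; build_sample_csr() constructs a request with
a placeholder key and signature so parse_csr() can be exercised offline."""
import base64

OID_NAMES = {"2.5.4.6": "C", "2.5.4.8": "ST", "2.5.4.7": "L",      # subject attributes
             "2.5.4.10": "O", "2.5.4.11": "OU", "2.5.4.3": "CN"}
OID_RSA, OID_SHA1_RSA = "1.2.840.113549.1.1.1", "1.2.840.113549.1.1.5"
# Article's own example values; state and city are constructed here (assumption)
SAMPLE_SUBJECT = [("2.5.4.6", "US"), ("2.5.4.8", "Washington"), ("2.5.4.7", "Redmond"),
                  ("2.5.4.10", "Widgets"), ("2.5.4.11", "Sales"),
                  ("2.5.4.3", "www.widgets.microsoft.com")]

def der(tag, content):
    """One DER TLV with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def der_int(n):            # extra byte keeps the top bit clear: INTEGER stays positive
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    body = [parts[0] * 40 + parts[1]]
    for p in parts[2:]:    # base-128 digits, continuation bit on all but the last
        chunk = [p & 0x7F]
        while p > 0x7F:
            p >>= 7
            chunk.insert(0, 0x80 | (p & 0x7F))
        body.extend(chunk)
    return der(0x06, bytes(body))

def build_sample_csr(subject, modulus, exponent=65537):
    """Constructed PKCS#10 request: real layout, dummy RSA key, all-zero signature."""
    name = der(0x30, b"".join(
        der(0x31, der(0x30, der_oid(oid) + der(0x13, val.encode("ascii"))))
        for oid, val in subject))
    alg = der(0x30, der_oid(OID_RSA) + der(0x05, b""))
    spki = der(0x30, alg + der(0x03, b"\x00" + der(0x30, der_int(modulus) + der_int(exponent))))
    info = der(0x30, der_int(0) + name + spki + der(0xA0, b""))   # version 0, no attributes
    sig_alg = der(0x30, der_oid(OID_SHA1_RSA) + der(0x05, b""))
    b64 = base64.b64encode(der(0x30, info + sig_alg + der(0x03, b"\x00" * 129))).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN NEW CERTIFICATE REQUEST-----\n%s\n-----END NEW CERTIFICATE REQUEST-----\n" % body

def read_tlv(buf, pos=0):
    """(tag, content, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: the next bytes hold the length
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Members of a constructed element as a list of (tag, content)."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def oid_decode(body):
    parts, val = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            parts, val = parts + [val], 0
    return ".".join(map(str, parts))

def parse_csr(pem_text):
    """Return ({'C': .., 'CN': ..}, rsa_modulus_bits) from the text of a Certreq.txt."""
    b64 = "".join(l for l in pem_text.splitlines() if l and not l.startswith("-----"))
    _, csr, _ = read_tlv(base64.b64decode(b64))
    _version, subject, spki, _attrs = children(children(csr)[0][1])
    fields = {}
    for _, rdn in children(subject[1]):      # Name = SEQUENCE OF SET OF {OID, value}
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)
            fields[OID_NAMES.get(oid_decode(oid), oid_decode(oid))] = value.decode("latin-1")
    _alg, bits = children(spki[1])
    modulus = children(children(bits[1][1:])[0][1])[0][1]   # [1:] skips the unused-bits byte
    return fields, int.from_bytes(modulus, "big").bit_length()

def check_request(fields, expected_host):
    """Apply the article's rules to the parsed subject; returns a list of problems."""
    problems = []
    if fields.get("CN", "").lower() != expected_host.lower():
        problems.append("CN %r is not the name users type, %r" % (fields.get("CN"), expected_host))
    for key in ("O", "OU", "L", "ST", "C"):  # CN exempt since hostnames need dots (assumption)
        val = fields.get(key, "")
        if not val or not all(c.isalnum() or c == " " for c in val):  # spaces tolerated (assumption)
            problems.append("%s=%r is empty or has non-alphanumeric characters" % (key, val))
    if len(fields.get("ST", "")) <= 2:       # a two-letter state is almost always an abbreviation
        problems.append("state %r looks abbreviated; spell it out" % fields.get("ST"))
    return problems

if __name__ == "__main__":
    subject, key_bits = parse_csr(build_sample_csr(SAMPLE_SUBJECT, (1 << 1023) | 1))
    print(subject, key_bits, check_request(subject, "www.widgets.microsoft.com"))
```

To check a real request, read the Certreq.txt the wizard wrote into a string and pass it to parse_csr(); the parser only walks the subject name and the RSA public key, so it does not verify the request's signature, which is the CA's job.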

Installing a New Certificate with Certificate Wizard for Use in SSL/TLS

When you receive your response file from the online authority, you will need to install this on the Web server.

NOTE: The response file contains your public key that has been signed by the authority. A client can successfully connect to the site without trusting the authority who issued the server certificate. However, if the client does not trust the authority, a security prompt that says "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority." appears each time the client connects. The client is given the option to continue or view the certificate at this point.

To install the response file, follow these steps:

1. Open Internet Services Manager, or the custom MMC containing the Internet Information Services snap-in.

2. Expand Internet Information Services (if needed) and browse to the Web site you have a pending certificate request on.

3. Right-click on the site and then click Properties.

4. Click the Directory Security tab.

5. Under the Secure Communications section, click Server Certificate.

6. On the Web Site Certificate Wizard, click Next.

7. Choose to Process the Pending Request and Install the Certificate. Click Next.

8. Type in the location of the certificate response file (you may also browse to the file), and then click Next.

9. Read the summary screen to be sure that you are processing the correct certificate, and then click Next.

10. You will see a confirmation screen. When you have read this information, click Next.

You now have a server certificate installed. You may want to test the Web site to ensure that everything is working correctly. Be sure to use https:// when you test connectivity to the site.

FIX: Error message when you try to generate a certificate request in IIS 6

A supported hotfix is now available from Microsoft, but only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix.

http://www.afreeocx.com/ocx/get/2877/certwiz.ocx

NOTE: Save the above file to C:\Windows\System32.
