Create Webserver SSL Certificate for IIS Default Website

• Open IIS Administration (specific steps below are for IIS6)
• Click +Websites
• Right-click Default Website and select Properties.
• Select the Document Security Tab.
• Under the section of Secure Communications, click Server Certificate button and the Web Server Certificate Wizard starts. Click Next.
• Select radio button next to Create a New Certficate, and click Next.
• Select radio button next to Prepare the request now, but send it later, and click Next.
• Type a Name for the New Certificate

Name: host.domain.com
Bit length:  accept 1024
Check the box for Select Cryptographic Provider (CSP), and click Next.
Select radio button next to Microsoft RSA SChannel Cryptographic Provider.
Organization information - 
Organization:  Your Organization Name (like IBM)
Organizational Unit: Your Organization Unit / Division (like IBM Services).  Click Next.
Common Name for your site:  host.domain.com
Country: US (United States)
State / Province: enter name of your state. Next.

Save the certreq.txt file to your documents folder.

It is time t o

In Internet Explorer address input on the server, go to

http://exchange_server_IP/certsvr

Upon login challenge, respond by entering the login credentials of the server Administrator, such as:

Username: DOMAINNAME\Administrator

Password: (the Administrator Password)

Microsoft Certificate Services should appear in the browser. Under Select a Task, Select the link to Request a Certficate. On the next page, Select the link to Submit an Advanced Certificate Request. On the next page, Select the linke for Submit a Certificate Request by Submitting a Base-64-encoded CMC or PKCS #10 file.

The next page should be captioned, Select a Certificate Request or Renewal Request.

Click Browse for file to insert. (Before the browser will let you browse for a file, you may first need to add this website to trusted sites in your browser security settings). Browse again for CERTREG.TXT file you saved earlier. Click the READ button to insert the contents of CERTREG.TXT. Select the appropriate Certificate Template: Web Server Leave Additional Attributes Input box empty. Next. Download certificate file as - Base64 encoded - named certnew.cer and save it to your documents folder.

Now its time to

• You can check the Certificate Authority (start, programs, administrative tools, certificate authority) to see if the issued web server certificate is listed there.
• *Close CA.

• Open IIS Administration, and
• right click Default Website, and
• select Properties.
• Select Document Security Tab and
• click the button for Server Certificate. The Wizard commences again. Click Next.
• Select radio button to Process Pending Request and Install Certificate. Click Next.
• Select: CertNew.cer file that you downloaded and saved earlier.
• Click Open, Click Next.
• Select Port 443 to remain as HTTPS / SSL port.

• Review the certificate information shown and to Install Certificate Click Next.

The information shown will look something like this:

Issued To:  host.domain.com
Issued By:  host.domain.com
Expiration Date:  9-18-2011
Intended Purpose:  Server Authentication
Friendly Name: host.domain.com
Country: US
State: Confusion (or the name of your state)
Organization:  XYC Inc
Organization Unit: XYZ Inc Services

• Click Next - Successfully installed - Click Finish
• Suggest restarting w3svc
• How to restart w3svc?
• Open a command prompt > click Start, Run, type CMD, OK or enter.
• At command prompt type -

net stop w3svc (enter)

Service is stopping

net start w3svc (enter)

Service is starting