Table of Contents
Create Webserver SSL Certificate for IIS Default Website
Create a CSR (Certificate Service Request) to Submit to the CA (Certificate Authority)
- Open IIS Administration (specific steps below are for IIS6)
- Click +Websites
- Right-click Default Website and select Properties.
- Select the Document Security Tab.
- Under the section of Secure Communications, click Server Certificate button and the Web Server Certificate Wizard starts. Click Next.
- Select radio button next to Create a New Certficate, and click Next.
- Select radio button next to Prepare the request now, but send it later, and click Next.
- Type a Name for the New Certificate
Name: host.domain.com Bit length: accept 1024 Check the box for Select Cryptographic Provider (CSP), and click Next. Select radio button next to Microsoft RSA SChannel Cryptographic Provider. Organization information - Organization: Your Organization Name (like IBM) Organizational Unit: Your Organization Unit / Division (like IBM Services). Click Next. Common Name for your site: host.domain.com Country: US (United States) State / Province: enter name of your state. Next.
Save the certreq.txt file to your documents folder.
It is time t o
Upload the certreq.txt file to your Certificate Authority (CA) Certificate Service
In Internet Explorer address input on the server, go to
Upon login challenge, respond by entering the login credentials of the server Administrator, such as:
Password: (the Administrator Password)
Microsoft Certificate Services should appear in the browser. Under Select a Task, Select the link to Request a Certficate. On the next page, Select the link to Submit an Advanced Certificate Request. On the next page, Select the linke for Submit a Certificate Request by Submitting a Base-64-encoded CMC or PKCS #10 file.
The next page should be captioned, Select a Certificate Request or Renewal Request.
Click Browse for file to insert. (Before the browser will let you browse for a file, you may first need to add this website to trusted sites in your browser security settings). Browse again for CERTREG.TXT file you saved earlier. Click the READ button to insert the contents of CERTREG.TXT. Select the appropriate Certificate Template: Web Server Leave Additional Attributes Input box empty. Next. Download certificate file as - Base64 encoded - named certnew.cer and save it to your documents folder.
Now its time to
import the web server certificate to the IIS default website
- You can check the Certificate Authority (start, programs, administrative tools, certificate authority) to see if the issued web server certificate is listed there.
- *Close CA.
- Open IIS Administration, and
- right click Default Website, and
- select Properties.
- Select Document Security Tab and
- click the button for Server Certificate. The Wizard commences again. Click Next.
- Select radio button to Process Pending Request and Install Certificate. Click Next.
- Select: CertNew.cer file that you downloaded and saved earlier.
- Click Open, Click Next.
- Select Port 443 to remain as HTTPS / SSL port.
- Review the certificate information shown and to Install Certificate Click Next.
The information shown will look something like this:
Issued To: host.domain.com Issued By: host.domain.com Expiration Date: 9-18-2011 Intended Purpose: Server Authentication Friendly Name: host.domain.com Country: US State: Confusion (or the name of your state) Organization: XYC Inc Organization Unit: XYZ Inc Services
- Click Next - Successfully installed - Click Finish
- Suggest restarting w3svc
- How to restart w3svc?
- Open a command prompt > click Start, Run, type CMD, OK or enter.
- At command prompt type -
net stop w3svc (enter)
Service is stopping
net start w3svc (enter)
Service is starting