Create a certificate request
First, the Web server must make a certificate request. To do this, follow these steps:
- Start the Internet Service Manager (ISM), which loads the Internet Information Server snap-in for the Microsoft Management Console (MMC). To do this, click Start, point to Programs, point to Administrative Tools, and then click Internet Service Manager or Internet Information Services (IIS) Manager.
- Double-click the server name so that you see all of the Web sites. In IIS 6.0, expand Web Sites.
- Right-click the Web site on which you want to install the certificate, and then click Properties.
- Click the Directory Security tab, and then click Server Certificate under Secure Communications to start the Web Server Certificate Wizard.
- In IIS 6.0, click next. If you are running IIS 5.0, go to step 6.
- Select create a new certificate and click next.
- Select Prepare the request now, but send it later and click next.
- Type a name for the certificate. You may want to match the certificate name to the name of the Web site. Now, select a bit length; the higher the bit length, the stronger the certificate encryption. Select Server.
- Gated Cryptography if your users may be coming from countries with encryption restrictions.
- Type your organization name and the organizational unit (for example, PLM and IMS). Click Next.
- Type the fully qualified domain name (FQDN) or the server name as the common name.
- Enter your location information, and then click next.Type the path and file name to save the certificate information to, and click next to continue.
- Verify the information that you have typed, and then click Next to complete the process and create the certificate request.
Submit a certificate request
- Open a browser and browse to : http://YourWebServerName/CertSrv/
- Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. In Notepad, open the request document that you created in the "Create a certificate request" section. In IIS 6.0, you can also click Browse for a file to insert.
- Paste the contents of the document into the Web form's Base64 Encoded Certificate Request text box.
- Under Certificate Template, select Web Server or User, and then click Submit.
- If Certificate Server is set to Always Issue the Certificate, you can access the certificate immediately. To do this, follow these steps:
- Click Download CA Certificate (do not click Download CA Certificate path or Download certificate chain).
- When you are prompted, select save this file to disk and save the certificate to your desktop or another location that you will remember. You may now go directly to the "Install the certificate and set up an SSL Web site" section.
Install the certificate and set up an SSL Web site
To install the certificate, follow these steps:
- Open the Internet Services Manager and expand the server name so that you can view the Web sites.
- Right-click the Web site for which you created the certificate request and click Properties.
- Click the Directory Security tab. Under Secure Communications, click Server Certificate. This starts the Certificate Installation Wizard. Click Next to continue.
- Select Process the pending request and install the certificate and click Next.
- Type the location of the certificate that you downloaded in the "Issue and download a certificate" section, then click next. The Wizard displays the Certificate Summary. Verify that the information is correct, and then click next to continue.
- Click Finish to complete the process.
Configure and test the certificate
To configure and test the certificate, follow these steps:
- On the Directory Security tab, under Secure Communications, note that there are now three available options. To set the Web site to require secure connections, click Edit. The Secure Communications dialog box appears.
- Select Require Secure Channel (SSL) and click OK.
- Click Apply and then OK to close the property sheet.
- Browse to the site and verify that it works. To do this, follow these steps:
- Access the site through HTTP by typing http://localhost/validuser.html in the browser. You receive an error message that resembles the following: "HTTP 403.4 - Forbidden: SSL required."
- Try to browse to the same Web page using a secured connection (HTTPS) by typing https://localhost/validuser.html in the browser.
You may receive a security alert that states that the certificate is not from a trusted root CA. Click Yes to continue to the Web page. If the page appears, you have successfully installed your certificate.