| 104 |
| Request a certificate for a Web server |
| Secure Sockets Layer (SSL) is the most common solution for securing communication between |
| your Web server and clients. To use SSL, you have to first install a certificate on the Web server. If |
| your organization doesn't have its own Certificate Authority (CA) server, you can get server |
| certificates from another certificate authority. |
| Open Internet Information Services, right-click on the site you want to secure, and select |
| On the Directory Security tab, click Server Certificate, click Next, and select Create A New |
| In the resulting dialog box, select Prepare The Request Now, But Send It Later, and click Next. |
| Type the name for the certificate and bit length, and then click Next. Type your organizational |
| name and organizational unit in the box provided, then click Next. Enter the name of your Web |
| In the next dialog box, provide some geographical information and click Next. Enter the location |
| and the name for the certification request, then click Next. |
| Verify the information and click Next, and then click Finish. |
| If you use Microsoft CA server, follow these steps to issue the certificate. If you use another CA |
| server, consult the documentation for that server. |
| Submit the certificate through Microsoft Certificate Authority. |
| Open Internet Explorer and type "<server>/certsrv" (replace <server> with the name of CA server). |
| Select Request A Certificate and click Next; select Advanced Request and click Next. |
| Select Submit A Certificate Request Using A Base64 Encoded PKCS #10 File Or A Renewal |
| Request Using A Base64 Encoded PKCS #7 File, and then click Next. |
| Open the certificate request file you created previously, copy and paste its contents into the form |
| provided, and click Submit. |
| Accept the request and issue the certificate. |
| In the Administrative Tool folder, open the Certification Authority console, and select Pending |
| Right-click the pending certificate, select All Tasks, and then select Issue. |
| Retrieve the certificate from your CA server. |
| Go back to Internet Explorer and type "server/certsrv", select Check On A Pending Certificate, and |
| Select the certificate and click Next, and then select DER Encoded, and click Download CA |
| Select a folder in which to store the certificate, and click Save. |
| Import the certificate into IIS. |
| Go back to the Internet Services Manager console, right-click the site and select Properties, and |
| then, in the Directory Security tab, click Server Certificate. |
| Select Process The Pending Request And Install The Certificate, and click Next. Type the path to |
| the CA response file you just saved and click Next. |
| Verify the information and click Next, and then click Finish. |
| Click Edit, select Require Secure Channel (SSL). (For additional security select Require 128-bit |
| Click OK and close all dialog boxes. |
First Previous Next Last |