Microsoft IIS 7 – Guide to Installing Root Certificates, Generating CSR and Installing certificate

Trustis Limited
Building 273 New Greenham Park Greenham Common Thatcham RG19 6HN
E: [email protected] W: www.trustis.com
Registered in England No: 03613613

Copyright © Trustis Limited 2010. All rights reserved.

T-0104-003-AP-001 IIS7 guide - V0.1.docx

1 Introduction

This document specifies instructions for installing the Root and Intermediate certificates, generating your CSR, and installing your certificate.

2 Installing the Root & Intermediate Certificates:

Firstly, you need to download the CA certificates (both the Root CA certificate and the Issuing Authority certificate) as individual files:

•  DER format Root CA certificate – found at http://www.trustis.com/pki/healthcare/ops/fpsroot-der.crt

•  DER format Healthcare TT Issuing Authority certificate – found at http://www.trustis.com/pki/healthcare/ops/healthcarett-der.crt

To install these certificates, you must first enable the Certificates Snap-in for the Microsoft Management Console (mmc):

1. Click the Start Button then select Run and type mmc

2. Click File and select Add/Remove Snap in

3. Select Certificates from the Available Snap-ins box and click Add

4. Select Computer Account and click Next

5. Select Local Computer and click Finish

6. Click OK to Close the Add or Remove Snap-ins box

7. Return to the MMC

2.1 Installing the Root CA Certificate

1. Right click the Trusted Root Certification Authorities. Select All Tasks, select Import.


This starts the certificate import wizard


2. Click Next

The File to Import dialog is shown

3. Locate the Root CA Certificate file you downloaded earlier and click Next.


4. Click Next to Confirm the location of the Certificate

5. When the wizard is completed, click Finish. Click OK to close the small ‘Import successful’ message.


2.2 Installing the Issuing CA Certificate 

1. Right click the Intermediate Certification Authorities. Select All Tasks, select Import.

2. Complete the import wizard again, but this time locating the Issuing CA Certificate when prompted for the Certificate file.

When both certificates have been installed:

•  Ensure that the Root CA certificate appears under Trusted Root Certification Authorities

•  Ensure that the Issuing CA certificate appears under Intermediate Certification Authorities

Close the MMC
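A scripted form of the two imports above, with an integrity check first because both CA files are fetched over plain HTTP. This is an added example, not part of the Trustis guide; the fingerprint values are placeholders to be replaced with values obtained from the CA through a separate trusted channel, and the two files are assumed to be in the current folder.

```powershell
# Added example, not from the Trustis guide. Run from an elevated prompt in the
# folder holding the two downloaded files.
# Placeholders: replace with the SHA-256 fingerprints obtained from the CA
# through a separate trusted channel (not the same HTTP download).
$files = @(
    @{ Name = 'fpsroot-der.crt';      Store = 'Root'; Sha256 = '<ROOT-CA-SHA256>' },
    @{ Name = 'healthcarett-der.crt'; Store = 'CA';   Sha256 = '<ISSUING-CA-SHA256>' }
)

function Get-Sha256Hex([byte[]]$Bytes) {
    $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($Bytes)
    ($hash | ForEach-Object { $_.ToString('X2') }) -join ''
}

$loaded = @()
foreach ($f in $files) {
    # .NET resolves relative paths against the process directory, so build a full path.
    $path = Join-Path (Get-Location).Path $f.Name
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    $want = ($f.Sha256 -replace '[^0-9A-Fa-f]', '').ToUpper()
    # Fails closed: an unfilled placeholder or a tampered file stops the script here.
    if ((Get-Sha256Hex $cert.RawData) -ne $want) { throw "Fingerprint mismatch: $($f.Name)" }
    if ($cert.NotAfter -lt (Get-Date))           { throw "Certificate expired: $($f.Name)" }
    $loaded += @{ Path = $path; Store = $f.Store; Cert = $cert }
}

# The root must be self-issued, and the issuing CA must name that root as its issuer.
$root, $issuing = $loaded[0].Cert, $loaded[1].Cert
if ($root.Subject -ne $root.Issuer)    { throw 'Root CA file is not self-issued.' }
if ($issuing.Issuer -ne $root.Subject) { throw 'Issuing CA was not issued by this root.' }

# Root -> Trusted Root Certification Authorities, CA -> Intermediate Certification Authorities.
foreach ($l in $loaded) {
    & certutil.exe -addstore $l.Store $l.Path
    if ($LASTEXITCODE -ne 0) { throw "certutil failed for $($l.Path)" }
}

# Same confirmation as the two "Ensure that ..." checks in the MMC.
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $root.Thumbprint }
Get-ChildItem Cert:\LocalMachine\CA   | Where-Object { $_.Thumbprint -eq $issuing.Thumbprint }
```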


3 Certificate Signing Request (CSR) Generation

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrolment process:

1. Select Administrative Tools

2. Start Internet Information Services (IIS) Manager

3. Click on the Server in the left hand pane. On the right, you should see an icon called Server Certificates. Double click on this.

4. On the far right of the window, there will appear a set of Actions. Click on Create Certificate Request...


5. A Request Certificate window will appear. Complete the fields. The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an Instant SSL Certificate issued for trustis.com will not be valid for www.trustis.com. If the web address to be used for SSL is www.trustis.com, ensure that the common name submitted in the CSR is www.trustis.com. Click Next.


6. For Cryptographic service provider, choose Microsoft RSA SChannel Cryptographic Provider. For Bit length, choose 2048. Click Next.


7. Enter a filename and location to save your CSR. You will need this CSR to enrol for your IIS SSL Certificate. Click Finish.


8. When you make your application, make sure you include the CSR in its entirety in the appropriate section of the enrolment form, from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST----- inclusive.

For example:

-----BEGIN NEW CERTIFICATE REQUEST-----

(.......)

-----END NEW CERTIFICATE REQUEST-----

9. Click Next

10. Confirm your details in the enrolment form

11. Finish
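A pre-submission check for the CSR file saved in step 7, covering the Common Name rule from step 5, the bit length from step 6 and the complete BEGIN/END block from step 8. This is an added example, not part of the Trustis guide; the file path and host name are assumed values, and the request is decoded with the Windows certificate enrolment COM object.

```powershell
# Added example, not from the Trustis guide. Assumed values: replace with your own.
$csrPath      = 'C:\certs\www-request.txt'   # file saved in step 7 (assumed path)
$expectedFqdn = 'www.trustis.com'            # exact name clients will connect to
$minKeyBits   = 2048                         # bit length chosen in step 6

$text = [System.IO.File]::ReadAllText($csrPath)

# Step 8: both delimiter lines and everything between them must be present.
# IIS writes "NEW CERTIFICATE REQUEST"; the form without NEW is accepted too.
$pattern = '(?s)-----BEGIN (NEW )?CERTIFICATE REQUEST-----(.+?)-----END (NEW )?CERTIFICATE REQUEST-----'
$m = [regex]::Match($text, $pattern)
if (-not $m.Success) { throw 'BEGIN/END CERTIFICATE REQUEST lines are missing or out of order.' }

# FromBase64String throws if characters were lost or altered during copy and paste.
$der = [Convert]::FromBase64String(($m.Groups[2].Value -replace '\s', ''))

# Decode the PKCS#10 request; a truncated or corrupted request fails here.
$req = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$req.InitializeDecode([Convert]::ToBase64String($der), 0x1)   # 0x1 = XCN_CRYPT_STRING_BASE64

# Step 5: pull the Common Name out of the subject distinguished name.
$subject = $req.Subject.Name
$cn = if ($subject -match '(?:^|,\s*)CN=([^,]+)') { $Matches[1].Trim() } else { $null }

$problems = @()
if ($cn -ne $expectedFqdn) {
    # trustis.com and www.trustis.com are different names as far as the certificate goes.
    $problems += "Common Name is '$cn' but the site will be served as '$expectedFqdn'."
}
if ($req.PublicKey.Length -lt $minKeyBits) {
    $problems += "Public key is $($req.PublicKey.Length) bits; expected at least $minKeyBits."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    "CSR looks ready to submit: $subject ($($req.PublicKey.Length)-bit key)"
}
```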


4 Installing your SSL Server Certificate

You will receive an email from the Registration Authority when your certificate request has been approved, that contains a link to a location where your certificate may be obtained. Clicking on this link will bring up a browser window that contains the details of your issued certificate and includes a section that looks something like the following:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAFUbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy everything you see between and including the lines that look like -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

Paste the copied certificate into an appropriately named text file, e.g. myserver.crt

1. Select Administrative Tools

2. Start Internet Information Services (IIS) Manager

3. Click on the Server in the left hand pane. On the right, double click on Server Certificates.


4. On the far right of the window, there will appear a set of Actions. Click on Complete Certificate Request...


5. Enter the location details and a Friendly Name for the file you just created. Click OK.


You will now see the server certificate in the list of Server Certificates.
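A post-install check that the new certificate is bound to the private key created with the CSR and that it chains through the CA certificates installed in section 2. This is an added example, not part of the Trustis guide; the host name is an assumed value, and the certificate is assumed to be in the Local Computer Personal store, where IIS 7 places completed requests.

```powershell
# Added example, not from the Trustis guide.
$fqdn = 'www.trustis.com'   # assumed: the Common Name submitted in the CSR

# Newest certificate in the Local Computer Personal store whose subject carries that CN.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match "CN=$([regex]::Escape($fqdn))(,|$)" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for $fqdn in the Local Computer Personal store." }

# The private key stays on the server that generated the CSR. If the request was
# completed on a different server, the certificate has no key and cannot serve SSL.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this server.' }

# Build the chain from the local stores. Revocation checking is switched off so that
# only path building (server -> Issuing CA -> Root CA) is tested here.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$built = $chain.Build($cert)

# List the chain from the server certificate up to the root.
$chain.ChainElements | ForEach-Object { $_.Certificate.Subject }

if (-not $built) {
    # Typical cause: the Root or Issuing CA certificate is missing from its store.
    $chain.ChainStatus | ForEach-Object {
        Write-Warning "$($_.Status): $($_.StatusInformation.Trim())"
    }
}
```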