Request a certificate for an IIS web server

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Request a certificate for a web server

Before you can use SSL, you have to first install a certificate on your IIS web server.

  • In IIS, right-click on the site you want to secure
  • Select Properties
  • On the Directory Security tab, click Server Certificate
  • Click Next and select Create A New Certificate
  • Select Prepare The Request Now, But Send It Later and click Next
  • Type a name for the certificate and bit length, and then click Next.
  • Type your organizational name and organizational unit in the box provided and click Next.
  • Enter your Web server name and click Next.
  • In the next dialog box, provide some geographical information and click Next.
  • Enter the location and the name for the certification request, then click Next.
  • Verify the information and click Next, and then click Finish.
If you use Microsoft's CA server, use these steps to issue the certificate.
  • Open Internet Explorer and type "CAserverName/certsrv"
  • Select Request A Certificate and click Next
  • Select Advanced Request and click Next
  • Select Submit A Certificate Request Using A Base64 Encoded PKCS #10 File or A Renewal Request Using A Base64 Encoded PKCS #7 File and then click Next.
  • Open the certificate request file you created previously, copy and paste its contents into the form provided, and click Submit.

Accept the request and issue the certificate

  • In the Administrative Tool folder, open the Certification Authority console, and select Pending Requests
  • Right-click the pending certificate, select All Tasks, and select Issue

Retrieve the certificate from your CA server

  • In IE type "CAserverName/certsrv"
  • Select Check On A Pending Certificate, and click Next.
  • Select the certificate and click Next
  • Select DER Encoded, and click Download CA Certificate
  • Select a folder in which to store the certificate, and click Save

Import the certificate into IIS

  • Go back to the Internet Services Manager console
  • Right-click the site and select Properties
  • In the Directory Security tab, click Server Certificate
  • Select Process The Pending Request And Install The Certificate and click Next.
  • Type the path to the CA response file you saved and click Next
  • Verify the information and click Next, and then click Finish.

Enable SSL

  • Click Edit, select Require Secure Channel (SSL).
  • For additional security select Require 128-bit Encryption
  • Click OK and close all dialog boxes.

Additional info : Microsoft's Step-by-Step Guide to Certificate Services Web Pages

Featured Links