SSL Certificate Installation Instructions
Microsoft IIS 5 & 6
Firstly when your issuance email arrives it will contain your web server certificate.
Copy your web server certificate into a text editor such as notepad including
the header and footer. You should then have a text file that looks like:
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
Make sure you have 5 dashes to either side of the BEGIN
CERTIFICATE and END CERTIFICATE and that
no white space, extra line breaks or additional characters have been inadvertently
added. Copy your web server certificate into a text editor such as notepad and
save as yourdomain.cer.
Installing your web server certificate
1. Start IIS and right click Default Web Site and select Properties
from the menu.
2. When the Properties appear, click on the Directory Security
tab.
3. Click on Server Certificate and follow the on screen wizard:
• Ensure that you select Process the pending request
and install the certificate. Click Next.
• Locate the yourdomain.cer
file when prompted to locate your webserver certificate. Click Next.
• Review the summary screen and ensure that you
are processing the correct certificate. Click Next.
• Click Next on the confirmation screen.
4. Make sure that you have assigned Port 443 as the SSL
port for https for your site. To do this, right click Properties for your
website and make sure that 443 has been entered into the SSL port box:
Test your certificate by connecting to your server. Use the https protocol
directive (e.g. https://your server/) to indicate you wish to use secure HTTP.
The padlock icon on your Web browser will be displayed in the locked position
if you have set up your site properly.
Backing up your key pair file
Creating your Snap-in Management Console
Certificate Snap-in consoles (MMC) are not preconfigured. You will need
to configure the Snap-in before you can perform any Export/Import functionality.
To configure your Snap-in, follow the steps below. The system administrator
will have to create the console.
- Go to Start. Select Run, Type mmc and
click OK. This will bring up an empty console with no management
functionality.
- Click on Console select Add/Remove Snap-in.
- The Snap-ins added to box will list only the Console Root.
Click Add.
- Select Certificates and then click Add.
- Select Computer Account.
- Click on Finish.
- Click Close.
- Click on OK.
Managing your certificates
- Go to the Microsoft Management Console (MMC) and
add the Snap-in for Certificates.
- Select the folders Console Root\Certificates(Local Computer)\Personal\Certificates.
- Right click on the certificate to export.
- Select All Tasks and Export.
- The Welcome to the Certificate Manager Import Wizard window opens.
Click Next.
- Select Yes, export the private key. Click Next.
- Make sure the Personal Information Exchange- PKCS # 12 (.pfx) box is
selected.
Warning: Make sure that the "Delete the private key if the export
is successful" is NOT checked.
- Check the box Enable strong protection requires IE5.0, NT4.0 SP4 or
above. Select Next.
- Check the box to Include all certificates in the chain.
- Type and confirm your export password. (Note: this password
field can be left blank, but we recommend using a good password for security)
Warning: If you lose the password, you must purchase another certificate.
Save the file to a disk or other form of media. You should choose a
form of media that you would be able to recover if your system has to be rebuilt.
Save this file in a secure location.
*** Microsoft has an alert addressing a problem with exporting and importing
certificates.***
Service Pack 2 is intended to correct this problem. There is also a hotfix
that may be obtained from Microsoft that must be run prior to exporting and
importing your certificate. Please go to the following URL for more information
contact us.
http://support.microsoft.com/support/kb/articles/Q261/6/55.ASP
|