Implementing a PKI, Part II: Configuring IIS 6.0 - Request a Server Certificate through Web Enrollment Support (Page 3 of 5 ) - Open Internet Explorer and connect to http://servername/certsrv, where servername is the name of the Web server where the certificate authority you want to access is located.
- On the Welcome page, click Request a certificate.
- On the Request a Certificate page, click Advanced certificate request.
- Click Create and submit a request to this CA.
- Fill in any information requested and any other options you require.
The form contains the following fields:
- Identifying Information:
- (Common) Name. You must identify the fully qualified domain name for your Web server. For example, if you intend to secure the URL https://secure.mysite.com, then your common name must be secure.mysite.com.
- Company. The exact legal name of your organization. Do not abbreviate your organization name.
- Department.
- City: The city where your organization is legally located.
- State: The state where your organization is legally located. Do not abbreviate the state.
- Country/Region: The two-letter ISO abbreviation for your country i.e. CY= Cyprus.
- Type of certificate needed
- Select “Server Authentication Certificate” from the drop-down list.
- Key options
- Select “Create new key set.”
- Select from the drop down list of the CSP, “Microsoft Enhanced Cryptographic Provider v1.0.” Have in mind that a CSP is responsible for creating keys, destroying them, and using them to perform a variety of cryptographic operations.
- Select for Key Usage: Both. This option sets the purpose of the certificate to be used for securely exchanging information and digitally signing messages.
- Key Size: 1024
- Select Automatic key container name.
- Select Mark keys as exportable. When you mark keys as exportable, you can save the public and private key to a PKCS #12 file. This is useful if you change computers and want to move the key pair, or if you want to remove the key pair and secure them in another location.
- Select Use the local machine store. Select this option if the computer will need access to the private key associated with the certificate when other users are logged on. Select this option when requesting certificates intended to be issued to computers (such as Web servers) instead of certificates issued to people.
- Additional options
- Select Request format: PKCS10.
- Select Hash algorithm: SHA-1.
- Give a Friendly name to your certificate. Please use something meaningful.
- Click Submit. A dialog appears informing you that the request has been received and you must return to this website within 10 days to retrieve your certificate.
Note: A request must be retrieved by the same user account on the same computer from which it was submitted. The Web page uses a browser cookie to identify the pending request. If browser cookies are blocked or if you use a different computer, retrieve the certificate directly from the CA by using the Certification Authority MMC snap-in.
- Return to http://servername/certsrv and click on the View the status of a pending certificate request link. Select to Install the certificate. Note that you must first issue the certificate through the CA’s MMC snap-in to complete this step.
- Return to http://servername/certsrv and click on the Download a CA certificate, certificate chain or CRL link. On the Certificate Issued page, click the Download certificate link and save the certificate.
Next: Install CA’s certificate >>
More IIS Articles
More By Eliana Stavrou |
