Microsoft IIS 7– Guide to Installing Root Certificates ... - Trustis

bubblesradiographerΔιακομιστές

4 Δεκ 2013 (πριν από 3 χρόνια και 4 μήνες)

238 εμφανίσεις


Trustis Limited
Building 273 New Greenham Park Greenham Common Thatcham RG19 6HN
E: info@trustis.com W: www.trustis.com
Registered in England No: 03613613



Microsoft IIS 7– Guide to
Installing Root Certificates,
Generating CSR and
Installing certificate







Copyright
©
Trustis Limited 2010. All rights reserved.


T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 2 of 17
© Trustis Limited 2010
Table of Contents


1 Introduction .............................................................................................................. 3
2 Installing the Root & Intermediate Certificates: ......................................................... 3
2.1 Installing the Root CA Certificate ....................................................................... 3
2.2 Installing the Issuing CA Certificate ................................................................... 7
3 Certificate Signing Request (CSR) Generation ......................................................... 8
4 Installing your SSL Server Certificate ..................................................................... 14






T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 3 of 17
© Trustis Limited 2010
1 Introduction
This document specifies instructions for Installing the Root and Intermediate certificates,
generating your CSR, and Installing your certificate.
2 Installing the Root & Intermediate Certificates:
Firstly, you need to download the CA certificates (both Root CA certificate and Issuing
Authority certificate) as individual files

DER format Root CA certificate
– found at
http://www.trustis.com/pki/healthcare/ops/fpsroot-der.crt

DER format Healthcare TT Issuing Authority certificate
– found at
http://www.trustis.com/pki/healthcare/ops/healthcarett-der.crt
To install these certificates, you must first enable the Certificates Snap-in for the
Microsoft Management Console (mmc)
1. Click the Start Button then select Run and type mmc
2. Click File and select Add/Remove Snap in
3. Select Certificates from the Available Snap-ins box and click Add
4. Select Computer Account and click Next
5. Select Local Computer and click Finish
6. Click OK to Close the Add or Remove Snap-ins box
7. Return to the MMC

2.1 Installing the Root CA Certificate
1. Right click the Trusted Root Certification Authorities. Select All Tasks, select
Import.

T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 4 of 17
© Trustis Limited 2010

This starts the certificate import wizard

T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 5 of 17
© Trustis Limited 2010

2. Click Next

The File to Import dialog is shown



3. Locate the Root CA Certificate file you downloaded earlier and click Next.

T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 6 of 17
© Trustis Limited 2010
4. Click Next to Confirm the location of the Certificate


5. When the wizard is completed, click Finish. Click OK to close the small ‘Import
successful’ message.














T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 7 of 17
© Trustis Limited 2010
2.2 Installing the Issuing CA Certificate
1. Right click the Intermediate Certification Authorities. Select All Tasks, select
Import.



2. Complete the import wizard again, but this time locating the Issuing CA
Certificate when prompted for the Certificate file.
When both certificates have been installed:
• Ensure that the Root CA certificate appears under Trusted Root Certification
Authorities
• Ensure that the Issuing CA certificate appears under Intermediate Certification
Authorities
Close the MMC



T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 8 of 17
© Trustis Limited 2010
3 Certificate Signing Request (CSR) Generation

A CSR is a file containing your IIS SSL certificate application information, including your
Public Key. Generate your CSR and then copy and paste the CSR file into the webform
in the enrolment process:
1. Select Administrative Tools
2. Start Internet Information Services (IIS) Manager
3. Click on the Server in the left hand pane. On the right, you should see an icon
called Server Certificates. Double click on this.



4. On the far right of the window, there will appear a set of Actions. Click on Create
Certificate Request...


T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 9 of 17
© Trustis Limited 2010


5. A Request Certificate windows will appear. Complete the fields. The Common
Name field should be the
Fully Qualified Domain Name
(FQDN) or the web
address for which you plan to use your IIS SSL Certificate, e.g. the area of your
site you wish customers to connect to using SSL. For example, an Instant SSL
Certificate issued for trustis.com will not be valid for www.trustis.com. If the
web address to be used for SSL is www.trustis.com, ensure that the common
name submitted in the CSR is www.trustis.com. Click Next.

T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 10 of 17
© Trustis Limited 2010


6. For Cryptographic service provider, choose Microsoft RSA SChannel
Cryptographic Provider. For Bit length, choose 2048. Click Next.


T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 11 of 17
© Trustis Limited 2010


7. Enter a filename and location to save your CSR. You will need this CSR to enrol
for your IIS SSL Certificate. Click Finish.


T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 12 of 17
© Trustis Limited 2010


8. When you make your application, make sure you include the CSR in its entirety
into the appropriate section of the enrolment form - including
-----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST--
---
For example:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIEgzCCA2sCAQAwezELMAkGA1UEBhMCR0IxETAPBgNVBAgMCE15IFN0YXRlMRAw
DgYDVQQHDAdNeSBDaXR5MRowGAYDVQQKDBFZb3VyIENvbXBhbnkgTmFtZTEMMAoG
A1UECwwDV2ViMR0wGwYDVQQDDBR3d3cubXlkb21haW5uYW1lLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOmU8zddVcPQVbgTn1nxZB5y0V+wcbVG
5rZEtw3PubreLkziFH/6MnNThsMST5P0PeUvTz4n0Yn+p0+DuU7qOHPofLjVzGnw
cWFEcNnwnsFjdenf9caFOuotTxYfCYCCghLF2lGpQGBTeBMDK4FKtCrkl+crtBIY
RixV88Fh4EXV27+zU+pLrps4dSb0POy+kN0xMQxIIbX592dB3xGu/52wXUibGDOS
SMGW0wX+9n1PfjdC7oSgr331dMSlE29d7Q1eLGPlPu2tZk6bJ1XWkhkTj4lKhTSM
gVPvsFwcKE3rJ8UQcW19LLlGGK42TYrLP9SXIG2R4SC7Xo0BNsUesV0CAwEAAaCC
AcEwGgYKKwYBBAGCNw0CAzEMFgo2LjEuNzYwMC4yMF0GCSsGAQQBgjcVFDFQME4C
AQUMHVdJTi1DQzJEM1NMN1ExNS50cnVzdGlzLmxvY2FsDB1XSU4tQ0MyRDNTTDdR
MTVcQWRtaW5pc3RyYXRvcgwLSW5ldE1nci5leGUwcgYKKwYBBAGCNw0CAjFkMGIC
AQEeWgBNAGkAYwByAG8AcwBvAGYAdAAgAFIAUwBBACAAUwBDAGgAYQBuAG4AZQBs
ACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgMB
ADCBzwYJKoZIhvcNAQkOMYHBMIG+MA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAK
BggrBgEFBQcDATB4BgkqhkiG9w0BCQ8EazBpMA4GCCqGSIb3DQMCAgIAgDAOBggq
hkiG9w0DBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQME
AQIwCwYJYIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBQG
gaFdCuG/t4BwFSG7w+F17xCYXjANBgkqhkiG9w0BAQUFAAOCAQEAz3o65PuPULJh
616mMxFRnlDJSgRiZ28s9Xo9CJSlSiZkvYGGJoHdMvAtn9rzBIZN1PpG+wUaPjpw
o8K89CflbGyFsIswB0yDzfypBwl07HETyZhwLoFQYTa0EFAnNkgAacSTBUeMowb4

T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 13 of 17
© Trustis Limited 2010
GcxdcpV2h7WVHUwOpX49A0SZOD8FIb0Ob5pmuNervoxyU+4UtVMYVnF50sjfzPYY
/i/D2MUKvpPbNO1Rg2Eu+9fqatdt+uoI3H6l8Y+Zj6hi5WfWZB8wak3fgSM41+LZ
T0q/N2WQqZyLp+zSnqeJerNLa4+LmyhpnDOvHtX0xhCdt96lYW4tMlg4ZZtwO8Kd
AEEy8DqPeQ==
-----END NEW CERTIFICATE REQUEST-----

9. Click Next
10. Confirm your details in the enrolment form
11. Finish




T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 14 of 17
© Trustis Limited 2010
4 Installing your SSL Server Certificate

You will receive an email from the Registration Authority when your certificate request
has been approved, that contains a link to a location where your certificate may be
obtained. Clicking on this link will bring up a browser window that contains the details of
your issued certificate and includes a section that looks something like the following:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXA
hAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMS
Aw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
Paste the CSR into an appropriately named text file e.g. myserver.crt
1. Select Administrative Tools
2. Start Internet Information Services (IIS) Manager
3. Click on the Server in the left hand pane. On the right, double click on Server
Certificates.


T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 15 of 17
© Trustis Limited 2010


4. On the far right of the window, there will appear a set of Actions. Click on
Complete Certificate Request...


T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 16 of 17
© Trustis Limited 2010


5. Enter the location details and a Friendly Name for the file you just created. Click
OK.


T-0104-003-AP-001 IIS7 guide - V0.1.docx Page 17 of 17
© Trustis Limited 2010


You will now see the server certificate in the list of Server Certificates.