www.geekybob.com

IIS 6: Setting up SSL - Part 2: Submitting a Certificate Request and Obtaining a Certificate

16 February 2011 • by Bob • IIS, SSL

In part two of my series on setting up SSL on IIS 6, I'll describe the steps that are necessary to obtain an SSL certificate. Typically you would submit your certificate request to any one of several Certificate Authorities (CA); and there are several that are available. Here are just a few:

• Thawte Digital Certificates
  http://www.thawte.com/
• VeriSign Digital Certificates
  http://www.verisign.com/

The steps to obtain a certificate differ for each CA, and it would be way outside the scope of my limited blogspace to include the steps for every CA on the Internet. So for my blog series I'm going to show how to use Certificate Services on Windows Server 2003 to obtain a certificate. This part of the process is broken into three steps:

• Submit the Certificate Request
• Certificate Processing
• Obtain the Certificate

Submit the Certificate Request

1. Browse to the "Certificate Services" website, and then click the link to "Request a Certificate":

   

2. Click the link to submit an "advanced certificate request":

   

3. Click the link to "Submit a certificate request by using a base-64 encoded file":

   

4. Copy the text from your certificate request file and paste it into the "Base-64 Encoded Certificate Request" text box, then click "Submit":

   

5. By default, Certificate Services will return a message stating that your certificate is pending. You will need to notify your Certificate Services administrator that your certificate needs to be approved.

   

Note: As an alternative to copying the text from your certificate request file, when you are using Certificate Services on Windows Server 2003, you can use the application to read the file for you. To do so, you would need to change the step where you copy and paste the text to the following steps:

1. Click the link to "Browse for a file to insert":

   

2. You may be prompted whether to allow an ActiveX control to run; this warning may appear because the web application uses an ActiveX control to read the certificate request file. In order to continue, you need to click "Yes":

   

3. When the subform appears, click the Browse button:

   

4. Locate your certificate request file, and then click "Open":

   

5. Click the "Read" button to load the text from your certificate request file, this will insert it into the form:

   

6. Once the text from your certificate request file has been inserted, you can submit the form as you would have done if you had copied and pasted the text manually.

Certificate Processing

At this point the Certificate Authority (CA) will consider your request. I'll post a blog later with details about processing a request using Certificate Services on Windows Server 2003.

Obtain the Certificate

When your certificate request has been processed, you need to use the following steps to save your certificate to your system before you can process it.

1. Browse to the "Certificate Services" website, and then click the link to "View the status of a pending certificate request":

   

2. Click the link for your approved request.

   

3. Click the link to "Download CA certificate":

   

4. When prompted, click "Save":

   

5. Save the file to somewhere convenient, like your desktop:

   

In the next post of this blog series, I'll show you how to install your certificate on IIS 6.

Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

Tags: IIS, SSL, Certificates