Note:
You must have Service Pack 4 or higher or MS Internet Explorer 5 and higher
Creating
a Certificate Signing Request
Open
the Key Manager. Go to the Key menu and select Create New Key.
Select
Put the request in a file that you will send to an authority.
Enter a file and path in the text box that you will remember.
Example:
C:\NewKeyRq.txt.
Click
Next.
Enter
your key name as specified in the previous step. Enter and confirm a
password.
Warning:
If you lose the password, you must purchase another certificate.
When
creating a CSR you must follow these conventions.
Enter
the Distinguished Name Field information.
The
following characters are not accepted: < > ~ ! @ # $ % ^ * / \ ( )
?&.
Contact ipsCA
For further Information: Email: Phone: +34 91 6402052
Distinguished
Name Field
Explanation
Example
Common
Name (Server Host Name)
The
fully qualified domain name for your web server. You will get a
certificate name check warning if this is not an exact match.
If
you intend to secure the URL https://secure.yourURL.com, then your
CSR's Server Hostname must be secure.yourURL.com
Organization
Name
The
exact legal name of your organization. Do not abbreviate
IPS
S.L.
Organizational
Unit
Optional
for additional organization information
Marketing
City
or Locality
The
city where your organization is located.
Atlanta
State
or Province Name
The
state or province where your organization is located. It cannot be
abbreviated.
Georgia
Country
Name
The
two-letter ISO abbreviation for your country
US
= United States
Requester
Name
Your
Name
John
Doe
Server
Admin.'s email address
Your
email address
abc@yourURL.com
Telephone
Number
Your
Telephone Number
(xxx)
xxx-xxxx
After
you close out of the key manager, click on Yes to Commit all
Changes.
Warning:
If you do not click yes, your private key will not be saved and your
certificate from IPSCA will not be installed.
Submit
your CSR to IPSCA.
Note:
Remember to back up your key pair file.
Backing up your key
pair file
Unlike
other files, key pair files cannot be just copied. To create a back up, you
must "export" your key. To restore your certificate, you must
"import" your key.
This
process assumes that identical web server configurations are used for exporting
the key as well as for importing the key. So both servers must be IIS. You
can't go from one type of server to another.
Exporting
your key (This will be your pending request)
Open
your Microsoft Management Console via the IIS Internet Service
Manager.
Click
to open the Key Manager.
Select
the key to be exported. (The key with the slash)
Select
the Key menu and choose Export Key Backup File. Click OK in the
Key Manager Warning box.
Specify
the destination for saving your key, press OK.
Close
your Key Manager and Management Console windows.
Please
remember your password that was used to install your certificate. You
will need this password if you ever need to recover your certificate
through the import process.
Submit
your CSR to IPSCA.
CSR installation
Microsoft Internet Information Server 4.0
Microsoft IIS customers
trying to obtain Server Certificates, may run into problems
from a number of different sources when trying to install a certificate.
Firstly, you may encounter certain problems if your e-mail program corrupts
the certificate that you receive from IPSCA. Secondly, you may have
problems if you do not use a supported server configuration. Finally,
your customers may have problems establishing SSL sessions if they
are using older browsers, Please make sure that you follow the steps
below, and you should not encounter any problems in providing the special
services enabled by these products to your customers.
Installing a Server Certificate on MicroSoft IIS 4.0.
Stage 1: Installing the Intermediate CA Certificate.
The intermediate CA certificate uses the import facility within IE5.
Step 1
The Intermediate CA certificate can be
downloaded from here
Step 2
Copy the Intermediate CA Certificate and save it as a text file, with Notepad. Remember to include the lines ----BEGIN CERTIFICATE--- and ---END CERTIFICATE--- Do not use Word or other word processors. These add various formatting characters that may prevent correct operation.
Step 3
Check to see if a copy of IE5, or above, is installed in the server. If not, please install a copy of this browser now.
Step 4
Select Internet Options from the IE Tools menu.
Select Content tag.
Step 5
Select Certificates button.
Step 6
Select Import button.
Step 7
The Certificate Import Wizard starts.
Step 8
Select the Next button.
Step 9
Browse to the Intermediate CA Certificate text file.
Select the Next button.
Step 10
Select "Place all certificates in the following store" radio button.
Step 11
Select the Browse button.
Step 12
Tick the "Show physical stores" box.
Step 13
Select and expand the "Intermediate Certificate Authorities" folder and select "Local computer".
Step 14
Select the OK button.
Step 15
Select the Next button.
Step 16
Select the Finish button.
You will be able to view the imported Intermediate CA Certificate in IE along with all the regular certificates.
Step 17
Select OK in the next dialog box.
Step 18
Select the Close button.
Step 19
Select the OK button.
Step 20
Stop and restart the Web server. Users should now be able to connect the Web server
via https at 128 bit.
Stage 2: Installing the Server Certificate.
Step 1
Copy the Server Certificate from the certificate email and save it as a text file, with Notepad. Remember to include the lines ----BEGIN CERTIFICATE--- and ---END CERTIFICATE--- Do not use Word or other word processors. These add various formatting characters that may prevent correct operation.
Step 2
Open Internet Service Manager.
Step 3
Select the Key Manager icon.
Step 4
Select Local Computer and WWW icon.
Step 5
Select the key that was created for this server certificate.
Step 6
Select the menus items Key, Install Key Certificate.
Step 7
Browse to the saved server certificate text file and select Open button.
