This appendix walks you through the steps to configure certificates obtained from a commercial certification authority. You can also create a local certification authority. For more information, see Appendix B: Setting up a Local Certification Authority.
The following procedure generates a new certificate request to be sent to a certification authority (CA) for processing.
Create a certificate request from a commercial CA
- Click Start, point to All Programs, point to Administrative Tools, and select Internet Information Services (IIS) Manager.
- Double-click the local computer, and then double-click the Web Sites folder.
- Right-click the Web site you are requesting a certificate for and click Properties.
- On the Directory Security tab, under Secure Communications, click Server Certificate.
- In the Web Server Certificate Wizard, on the Welcome page, click Next.
- On the Server Certificate page, select Create a new certificate, and then click Next.
- On the Delayed or Immediate Request page, select Prepare the request now, but send it later and click Next.
- On the Name and Security Settings page, in the Name box, type a friendly name for the site.
This name is not critical to the functioning of the certificate, so pick a name that is easy to refer to and to remember.
- In the Bit length box, select the bit length of the key you want to use.
- If you want to use cryptographic service provider (CSP), select the Select Cryptographic Service Provider (CSP) for this certificate check box, and then click Next.
- On the Organization Information page, in the Organization box, type your organizations name, then in the Organizational unit box, type your organizational unit, and then click Next.
For example, if your company is called Fabrikam, Inc. and you are setting up a Web server for the Sales department, you would enter Fabrikam for the organization and Sales for your organizational unit.
- On the Your Sites Common Name page, in the Common name box, type the common name (CN) for your site, and then click Next.
Note that if this certificate will be exported to the ISA Server computer, the name on the certificate match the name you use to publish the Web site in the Web publishing rule. If this certificate will remain on the Web server, the name on the certificate must match the name that ISA Server uses to refer to the Web server, which is the name on the To tab of the Web publishing rule.
- On the Geographical Information page, type your information in Country/Region, State/province, and City/locality boxes, and then click Next.
It is important that you do not abbreviate the names of the state/province or city/locality.
- On the Certificate Request File Name page, in the File name box, type a name for the certificate request file that you are about to create, and then click Next.
This file will contain all the information that you included in this procedure, as well as the public key for your site. This creates a .txt file when the procedure steps are completed. The default name for the file is Certreq.txt.
- On the summary page, verify that all of the information is correct, and then click Next.
- On the Completing the Web Server Certificate page, click Finish.
- Click OK to close the Web Site Properties dialog box.
Important The common name of the certificate must match the fully-qualified internal DNS name of the Web server running Windows SharePoint Services or the CN that ISA Server will accept requests from in the Web Publishing Rule.