Obtaining a Server Certificate

There are two ways to obtain a server certificate. You can issue your own certificate, or you can obtain a certificate from a certification authority. The following procedures explain how you can implement certificates on your server. To learn more about certificates, see About Certificates.

Important   It is important to safeguard the certificate and key pair; always back them up onto a disk and keep the disk in a secure place.

To issue your own server certificate

Consider the following issues when deciding whether to issue your own server certificates:

  1. Use Certificate Services to create a customizable service for issuing and managing certificates. You can create server certificates for the Internet or for corporate intranets, giving your organization complete control over certificate management policies. For more information, see the Microsoft Certificate Services documentation.
  2. Use the Web Server Certificate Wizard to request and install your server certificate.

Notes

 

To obtain a server certificate from a certification authority

Note   If you are replacing your current server certificate, IIS will continue to use the old certificate until the new request has been completed.

  1. Find a certification authority that provides services that meet your business needs and then request a server certificate.
  2. Consider the following issues when choosing a certification authority:

    For the latest list of certification authorities supporting Internet Information Services, visit the Microsoft Security Web site at http://backoffice.microsoft.com/securitypartners/. In the By Category list, select Certification Authority Services.

  3. Use the Web Server Certificate Wizard to create a certificate request, which you can send to the certification authority.
  4. Send the request to the certification authority. They will process the request and send you the certificate.
  5. Note  Some certification authorities require you to prove your identify before processing your request or issuing you your certificate.

  6. Use the Web Server Certificate Wizard to install your certificate.

Creating a backup copy of your server certificate and private key

Note   In the previous release of IIS, Key Manager was used to back up server certificates. In this release of IIS, the Web Server Certificate Wizard replaces Key Manager. Because IIS works closely with Windows, you can use the Certificate Manager tool to export and back up your server certificates.

To back up your server certificate
  1. Locate the correct certificate store. This is typically the Local Computer store in Certificate Manager.
  2. Note   If you do not have Certificate Manager installed in the MMC, you will need to install it.

  3. Select the certificate in the Personal store.
  4. Open the Action menu, point to All tasks, and click Export.
  5. In the Certificate Manager Export Wizard, select Yes, export the private key.
  6. Follow the wizard default settings, and enter a password for the certificate backup file when prompted.
  7. Important   Do not select Delete the private key if export is successful, because this will disable your current server certificate.

  8. Complete the wizard to export a backup copy of your server certificate.
To add Certificate Manager to the MMC

Note   If you already have Certificate Manager installed in the MMC, it will point to the correct Local Computer certificate store.

  1. Open an MMC console and select Add/Remove Snap-in from the Console menu.
  2. Click Add.
  3. Select Certificate Manager.
  4. Click Add.
  5. Select the Computer account option.
  6. Select the Local Computer option.
  7. Click Finish.

© 1997-1999 Microsoft Corporation. All rights reserved.