Tuesday, June 3, 2008

GENERATING A CERTIFICATE REQUEST FROM A WINDOWS 2003 SERVER MACHINE AND AUTHORIZING IT FROM OPENSSL CA-SERVER.


  1. After installing IIS, go to the Internet Information Services Manager. Select the website where the certificate is to be installed, then right-click the default website and select the Directory Security tab.

On the Directory Security tab, click Server Certificate.

Click Next and select Create A New Certificate.

Select Prepare The Request Now, But Send It Later and click Next.

Type a name for the certificate and bit length, and then click Next.

Type your organizational name and organizational unit in the box provided and click Next.

Enter your Web server name and click Next.

In the next dialog box, provide some geographical information and click Next.

Enter the location and the name for the certification request, then click Next.

Verify the information and click Next, and then click Finish. By default the request file is saved on the C:\ drive as a .txt file. Copy it and take it to the OpenSSL CA server.

  2. On the OpenSSL server, paste the file into the CA-server directory and rename it to newreq.pem. (The OpenSSL command that signs a certificate request accepts only this name, so the file must be called newreq.pem and must be in the current directory.)

  3. Now, let's sign the certificate request:

$ sh /usr/lib/ssl/misc/CA.sh -sign

(The CA.sh file is placed in that location automatically when the CA is installed.)

  4. When signing completes, the certificate is created as newcert.pem in the current directory.

  5. This certificate will not be supported by a Windows 2003 server. You have to rename it again, to a .cer file.

  6. Take the .cer file to the Windows machine and open the Internet Information Services (IIS) Manager again.

  7. Go to the Internet Information Services Manager.

Select the website where the certificate is to be installed, then right-click the default website.

Then select the Directory Security tab.

On the Directory Security tab, click Server Certificate.

Select Process The Pending Request and install it.

Then browse to the new certificate, select it, click Next and then Finish. The new certificate is now installed. You can view it by clicking the View Certificate button.
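
The checks a CA operator would want around the CA.sh -sign step, as an added example that is not part of the original post: it verifies the request before signing, confirms the issued certificate carries the same public key, and writes the .cer with only the certificate block. MIN_BITS, server.cer and the function names are assumptions; the demo builds a throwaway request and CA so the script runs offline.

```shell
#!/bin/sh
# Added example: checks around the CA.sh -sign step. newreq.pem and newcert.pem
# are the post's file names; MIN_BITS and server.cer are assumptions.
MIN_BITS=2048   # assumed policy floor for the bit length chosen in the IIS wizard

# csr_ok FILE: the request's self-signature verifies and its RSA key is >= MIN_BITS.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    bits=$(openssl req -in "$1" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]
}

# same_key CSR CERT: the issued certificate carries the public key from the request.
same_key() {
    a=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# to_cer CERT OUT: write only the certificate block, dropping any text before it.
to_cer() { openssl x509 -in "$1" -out "$2"; }

# check_and_export DIR: run the checks in the CA directory DIR.
check_and_export() (
    cd "$1" || exit 1
    csr_ok newreq.pem || { echo "reject newreq.pem: bad signature or short key" >&2; exit 1; }
    openssl req -in newreq.pem -noout -subject   # review the names before signing
    [ -f newcert.pem ] || exit 0                 # not signed yet, nothing more to check
    same_key newreq.pem newcert.pem || { echo "newcert.pem does not match newreq.pem" >&2; exit 1; }
    to_cer newcert.pem server.cer && echo "wrote server.cer"
)

# Constructed demo data: a throwaway request and CA stand in for the IIS
# request and the real CA; "openssl x509 -req" stands in for CA.sh -sign.
make_demo() (
    cd "$1" || exit 1
    openssl req -new -newkey rsa:2048 -nodes -keyout iis.key \
        -subj "/O=Example Org/CN=www.example.test" -out newreq.pem 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
        -subj "/CN=Demo CA" -days 1 -out ca.pem 2>/dev/null
    openssl x509 -req -in newreq.pem -CA ca.pem -CAkey ca.key \
        -CAcreateserial -days 1 -out newcert.pem 2>/dev/null
)

DEMO=$(mktemp -d) && make_demo "$DEMO" && check_and_export "$DEMO"
```

On the real CA server, run check_and_export on the CA-server directory once before CA.sh -sign and once after it.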
