Certificates are part of Secure Sockets Layer (SSL) encryption. With a server certificate, a user can confirm the identity of a web server before transmitting sensitive data, such as a credit card number. The server certificate also contains the server's public key, which the client uses to encrypt data before sending it back to the server.
(i) Configuring an Internet server certificate
Internet server certificates are issued by a public certification authority (CA). To obtain an Internet server certificate, first send a certificate request to the CA, and then install the Internet server certificate that the CA sends back.
Request an Internet server certificate
If you must prove the identity of the server to clients that request content from the web server, you need to request an Internet server certificate. Internet server certificates are issued by a public certification authority (CA).
1. Open IIS Manager, and then navigate to the level you want to manage.
2. In Features View, double-click Server Certificates.
3. In the Actions pane, click Create Certificate Request.
4. On the Distinguished Name Properties page of the Request Certificate Wizard, type the following information, and then click Next.
- In the Common Name text box, type a name for the certificate.
- In the Organization text box, type the name of the organization that will use the certificate.
- In the Organizational Unit text box, type the name of the organizational unit within your organization that will use the certificate.
- In the City/Locality text box, type the unabbreviated name of the city or locality where your organization or organizational unit is located.
- In the State/Province text box, type the unabbreviated name of the state or province where your organization or organizational unit is located.
- In the Country/Region text box, type the name of the country/region where your organization or organizational unit is located.
5. On the Cryptographic Service Provider Properties page, in the Cryptographic service provider drop-down list, select Microsoft RSA SChannel Cryptographic Provider or Microsoft DH SChannel Cryptographic Provider. By default, IIS 7.0 uses the Microsoft RSA SChannel Cryptographic Provider.
6. In the Bit length drop-down list, select a bit length that the provider can use. By default, the RSA SChannel provider uses a bit length of 1024. The DH SChannel provider uses a bit length of 512. A longer bit length gives stronger security, but it also affects performance to varying degrees.
7. Click "Next".
8. On the File Name page, in the Specify a file name for the certificate request text box, type a file name, or click the browse button (...) to locate a file, and then click Finish.
9. Send the certificate request to a public CA.
Installing an Internet server certificate
When you receive a response from the public certification authority (CA) to which you sent the certificate request, you must complete the process by installing the server certificate on the web server.
1. Open IIS Manager, and then navigate to the level you want to manage.
2. In Features View, double-click Server Certificates.
3. In the Actions pane, click Complete Certificate Request.
4. On the Complete Certificate Request page, in the File name containing the certification authority's response text box, type the path to the file that contains the CA response, or click the browse button (...) to search for the file.
5. In the Friendly Name text box, type a friendly name for the certificate, and then click OK.
(ii) Create a domain server certificate in IIS 7.0
A domain certificate is an internal certificate that does not need to be issued by an external certification authority (CA). If your Windows domain contains a server that is used as a CA, you can create a domain certificate. This approach helps reduce the cost of issuing certificates and facilitates the deployment of certificates.
1. Open IIS Manager, and then navigate to the level you want to manage.
2. In Features View, double-click Server Certificates.
3. In the Actions pane, click Create Domain Certificate.
4. On the Distinguished Name Properties page of the Create Certificate Wizard, type the following information, and then click Next:
- In the Common Name box, type a name for the certificate.
- In the Organization box, type the name of the organization that will use this certificate.
- In the Organizational Unit box, type the name of the organizational unit within the organization that will use this certificate.
- In the City/Locality box, type the unabbreviated name of the city or locality where your organization or organizational unit is located.
- In the State/Province box, type the unabbreviated name of the state or province where your organization or organizational unit is located.
- In the Country/Region box, type the name of the country/region where your organization or organizational unit is located.
5. On the Online Certification Authority page, in the Specify an online certification authority box, type the name of the certification authority (CA) server in your Windows domain, or click Select to search for the CA server in this domain.
Note: The Select button is enabled only if there is a properly configured certification authority in this domain.
6. In the Friendly Name box, type a friendly name for the certificate, and then click Finish. You must provide a friendly name for the certificate.
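The request and install procedures in (i) and the domain certificate procedure in (ii) can also be scripted with the built-in certreq.exe tool. The following is an added example, not part of the original article: it builds the same six distinguished name fields into a request file, using the RSA SChannel provider named above. The 2048-bit minimum key length is an assumption of this example (public CAs no longer issue certificates for 1024-bit RSA keys), and the host names, CA name, template name and file paths are constructed placeholders.

```powershell
# Added example; host names, CA name, template and paths are constructed placeholders.
$ErrorActionPreference = 'Stop'

function New-ServerCertRequest {
    param(
        [Parameter(Mandatory)][string]$CommonName,
        [Parameter(Mandatory)][string]$Organization,
        [Parameter(Mandatory)][string]$OrganizationalUnit,
        [Parameter(Mandatory)][string]$City,
        [Parameter(Mandatory)][string]$State,
        [Parameter(Mandatory)][string]$Country,
        [ValidateSet(2048, 3072, 4096)][int]$KeyLength = 2048,  # assumption: 2048-bit floor
        [string]$OutFile = (Join-Path $PWD 'server.req')
    )
    # Reject characters that would change how the INF line or the DN is parsed.
    foreach ($v in $CommonName, $Organization, $OrganizationalUnit, $City, $State, $Country) {
        if ($v -match '[",=+<>#;\r\n]') { throw "Unsupported character in subject field: $v" }
    }
    $subject = "CN=$CommonName, OU=$OrganizationalUnit, O=$Organization, L=$City, S=$State, C=$Country"
    $infPath = [IO.Path]::ChangeExtension($OutFile, '.inf')
    @"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "$subject"
KeyLength = $KeyLength
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
"@ | Set-Content -Path $infPath -Encoding ASCII

    # Generates the key pair in the machine store and writes the PKCS#10 request.
    & certreq.exe -new $infPath $OutFile | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }
    & certutil.exe -dump $OutFile | Out-Host   # review subject and key length before sending
    return $OutFile
}

# Constructed sample values.
$req = New-ServerCertRequest -CommonName 'www.example.test' -Organization 'Example Org' `
    -OrganizationalUnit 'IT' -City 'Seattle' -State 'Washington' -Country 'US'

# Public CA: send $req to the CA, then install the response it returns.
# & certreq.exe -accept 'C:\certs\response.cer'
# Domain CA (assumed config string and template name): submit, then install with -accept.
# & certreq.exe -submit -config 'ca01.example.test\Example-CA' -attrib 'CertificateTemplate:WebServer' $req 'C:\certs\response.cer'
```

Run it from an elevated prompt, because `MachineKeySet = TRUE` stores the private key in the local machine store, where IIS expects it.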