Thursday, June 02, 2005

SSL Overview: Part 3, Submit the certificate request

If you've been following along with the previous posts, you'll see that we're progressing through the original outline. We've already created a certificate request using the IIS MMC, and we're at the point where we need to submit the request to a Certification Authority (CA).

The first thing you need to do is to make sure that you already have a Certification Service installed on a server. From an architecture standpoint, you may want to consider placing this on an internal box running IIS, as opposed to an Internet facing system. There are also some considerations to take into account as far as using an AD-integrated CA, or a stand-alone CA. In this scenario I have used a stand-along CA.

In any case, it's time to go through the approval process.

1) Using IE (internet explorer) browse to your certificate server (http://server-name/certsrv).
2) Click “Request a Certificate”
3) Click “Advanced certificate request”.
4) Choose to “Submit a certificate request by using a base-64-encoded…”
5) Browse to the certificate request you created earlier (e.g. “c:\certreq.txt”), and open it in notepad. Copy the entire contents of the file (including the “-----Begin--- and ----END--… lines), and past it into the certificate request box.

Reference this link for further details.

6) Click Submit.
7) You should see a message indicating that your Certificate request has been received, and that you must wait for an administrator to approve.

Side Note: If you receive an error to the effect of "Failed to Create Certificate Authority Request", this seems to be caused by SUS (and the IIS lockdown tool).

I will be following up with a work-around for this error, as well as the remaining posts detailing the original outline.

No comments: