Microsoft KB Archive/171084

= How to Install a Certificate =

Article ID: 171084

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 2.0
 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q171084



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
The following are the steps to successfully install a Certificate using Key Manager with Internet Information Server (IIS).



MORE INFORMATION
 Generate a Key Pair File and a Request File.

 In the Microsoft Internet Server, click Key Manager, or click the Key Manager icon on the Internet Service Manager toolbar. From the Key menu, click Create New Key. In the Create New Key and Certificate Request dialog box, fill in the requested information. After you fill out the form, click OK. When you are prompted, retype the password you typed in the form, and click OK.</li> An icon appears as the key is being created. When the key has been created, a screen appears giving you information about the new keys and how to obtain a certificate.</li> After you read the New Key Information screen, click OK.</li> From the Key menu in Key Manager, choose Export Key and then Backup File. Click OK to the warning dialog on your hard disk. Type the key name in the File Name box, and click Save.

NOTE: Backing up the Key is very important.</li> To save the new key from the Servers menu, select Commit Changes Now. When asked if you want to commit all changes now, click OK.</li></ol> </li> Request a Certificate from a Certification Authority.

To get a Secure Sockets Layer (SSL) Server ID, complete the Online Enrollment Form at the following location:

http://www.verisign.com for a SSL Server ID

</li> Install the Certificate on your Server.

<ol style="list-style-type: lower-alpha;"> In the Internet Server program group, click Key Manager.</li> In the Key Manager window, select the key pair that matches your signed certificate.

If you backed up the key pair file, you have to load it first. To load a backed-up key file, click Key Manager on the Key menu, select Import Key and then Backup File.</li> Select the file name from the list, and click Open.</li> From the Key menu, choose Install Key Certificate.</li> Select the Certificate file from the list (for example, Certif.txt), and click Open.</li> When you are prompted, type the password that you used in creating the key pair. The key and certificate are combined and stored in the registry of the server.</li> Click Commit Changes Now on the Servers menu.</li> When you are asked if you want to Commit All Changes Now, click OK.</li></ol> </li></ol>

Sending them via mail can corrupt certificates. If you try and install a corrupt certificate, you will get a wrong password error message. You will no longer be able to install the certificate for that key, even if you get a non-corrupt copy.

To uncorrupt the certificate:


 * 1) Load the certificate in Notepad.
 * 2) No spaces can exist anywhere in the certificate.
 * 3) Save it without an extension by selecting the All Files as type. Do not check the unicode box.
 * 4) Once you have fixed your certificate, you must delete the key and re-import it. Make sure you have saved it first.

To import the key, click Import on the Key menu, then select Backup file.

Additional query words: iis

Keywords: kbhowto kbother KB171084

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.