Microsoft KB Archive/184695


Article ID: 184695

Article Last Modified on 6/23/2005



APPLIES TO

  • Microsoft Certificate Server 1.0
  • Microsoft Internet Information Server 4.0



This article was previously published under Q184695

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

Readme Notes for Certificate Server Update

Highlights

This update to Microsoft Certificate Server applies to version 1.0 as shipped with the Microsoft Windows NT Option Pack. The highlights of this update are as follows:

  • Teletex Encoding. Data encoded as teletex in a certificate request will be encoded as teletex data in the certificate issued. Formerly, this data would have been encoded as Unicode in the certificate issued.
  • Serial Number. Serial numbers generated during certificate issuance will always be positive. Formerly, these serial numbers were allowed to be negative. While this was consistent with X.509, it caused problems for certain restrictive mail clients.
  • Backup/Restore. Specific backup requests are now supported, specifically for backing up keys and certificates. A Microsoft Knowledge Base article is available describing the procedural aspects of using this capability.
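
The serial-number change above comes down to how a DER INTEGER carries its sign: the top bit of the first content byte. The following Python sketch is an added example, not code from Certificate Server or from the original article; the function names and sample bytes are constructed for illustration.

```python
# Added example: sign handling of an X.509 serial number as a DER INTEGER.
# All byte strings below are constructed sample values.

def parse_der_integer(der: bytes) -> int:
    """Decode one DER INTEGER (tag 0x02) into a signed Python int."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length, offset = der[1], 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length")
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    content = der[offset:offset + length]
    if length == 0 or len(content) != length or offset + length != len(der):
        raise ValueError("truncated or trailing data")
    # Content is two's complement: the top bit of the first byte is the sign.
    return int.from_bytes(content, "big", signed=True)


def encode_positive_serial(raw: bytes) -> bytes:
    """Encode raw serial bytes as a DER INTEGER that is never negative."""
    body = raw.lstrip(b"\x00") or b"\x00"   # minimal encoding
    if body[0] & 0x80:                      # would be read as negative,
        body = b"\x00" + body               # so prepend a zero sign byte
    if len(body) < 0x80:
        header = bytes([0x02, len(body)])
    else:
        n = (len(body).bit_length() + 7) // 8
        header = bytes([0x02, 0x80 | n]) + len(body).to_bytes(n, "big")
    return header + body


def check_serial(der: bytes) -> str:
    """Classify an encoded serial number by sign."""
    return "negative" if parse_der_integer(der) < 0 else "positive"


# Constructed samples: the same four serial bytes without and with the sign pad.
NEGATIVE_SAMPLE = bytes.fromhex("0204" "9a3c01ff")
FIXED_SAMPLE = encode_positive_serial(bytes.fromhex("9a3c01ff"))

if __name__ == "__main__":
    for name, der in (("unpadded", NEGATIVE_SAMPLE), ("padded", FIXED_SAMPLE)):
        print(name, der.hex(), check_serial(der), parse_der_integer(der))
```

A parser that treats the content bytes as unsigned reads both samples as the same number, which is why a client that compares or rejects serial numbers by sign can disagree with the issuing CA.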

Be sure you are familiar with the release notes for the Certificate Server originally distributed with the Windows NT Option Pack. Also, be sure you get the following Microsoft Knowledge Base article on backup/restore of keys and certificates.

185195 : How to Use Key and Certificate Backup/Restore Utility


You can also get additional information on the installation of certificate hierarchies for use with Microsoft Exchange Server from a white paper titled "Creating Certificate Hierarchies with Microsoft Certificate Server Version 1.0" that is available as a self-extracting .exe file (Hier3.exe) on the following Microsoft Web site:

Install Update

When you install or uninstall the Certificate Server, be sure to first stop all services that could cause file-locking conflicts. With administrator privileges, you can enter the following commands at an MS-DOS prompt:

   net stop iisadmin
   net stop certsvc
        

Follow the instructions displayed until both commands complete. You may then install the updated Certificate Server.

If you are installing this update as an upgrade to a previously installed version 1.0 Certificate Server, you must uninstall and then reinstall the Certificate Server. Values in the Certificate Server registry and database will not be preserved. An option is available to preserve the keys of an existing certificate authority on reinstall.

To Uninstall Certificate Server

  1. Change directory to the directory containing the files downloaded from the Microsoft FTP site.
  2. Start the uninstall process by typing the following:

        sysocmgr /i:certmast.inf /n
    
                
  3. Select Uninstall by clearing the Certificate Server option and clicking Next.

To Reinstall Certificate Server (or install Certificate Server for the first time)

  1. Use the same directory and type the following:

       sysocmgr /i:certmast.inf /n
    
                
  2. Select Install by clicking the Certificate Server option and clicking Next.
  3. If you want to preserve the keys of your previous certificate authority, click the Show Advanced Configuration box before you click Next.
  4. On the Advanced Configuration page, click the Use Existing Keys box and highlight the name of the certificate authority to be preserved.
  5. Click Next and proceed with install.


Keywords: kbinfo KB184695