SSL Cerver Certificate Order - Detailed instructions

Microsoft IIS

IIS 5

Step 1. Creating the certificate request (CSR) with IIS 5

  1. Go to the Administration Utilities menu and select the Internet Services Manager (IIS)
  2. Click on the page to be protected with the right-hand mouse button and select Properties
  3. Select the Directory Security tab
  4. Click on the Server Certificate button in the Secure Communication section
  5. Select Create a new certificate
  6. Select Prepare the request now, but send it later
  7. Fill in following information on Distinguished Name Properties window:
    1. Common Name: Fully qualified DNS-name or an IP-address
    2. Organization: Organizations name has to be exactly same as the name visible in Y-tunnus (Y-code/Finnish Business Identity Code/VAT Number database
    3. Organizational Unit: Can be left empty
    4. City/locality: Mandatory field
    5. State/province: Mandatory field
    6. Country/region: Must be a two-letter country code
  8. Finally, give a name to your certificate request, for example MyCertReq.txt
  9. Lastly, check the information you have given and exit by clicking on the Finish button
  10. Open the certificate request you made (MyCertReq.txt) with the Notepad program and copy the content to the order page . Do not copy spaces or blank rows!

  11. Multidomain certificate request instruction

Step 2. Installing the certificate IIS 5

  1. TeliasSonera CA sends a link to the customer from where the customer can retrieve the actual certificate
  2. Follow the instructions on the page to save the certificate on your computer e.g. under the name MyCert.cer
  3. Save TeliaSonera Intermadiate CA p7b-file to server from here under the name TS_intermediate.p7b
  4. Open Microsoft Management Console (MMC) Start -> Run -> type "mmc" and click "ok" or press enter
  5. Open add/remove snap-in File -> Add/Remove Snap-in
  6. Open Certificates Snap-in by clicking 'Add' and clicking 'Certificates'
  7. Select 'Computer Account' and click 'Next'
  8. Select 'Local Computer' and click 'Finish'
  9. Close 'Add Standalone Snap-in' windows and click 'OK'
  10. Expand the Certicate view by clicking plus (+) mark
  11. Right-click on 'Intermediate Certification Authorities', select 'All Tasks', then select 'Import'.
  12. Locate the intermadiate Certificate (TS_intermediate.p7b) and click Next. When the wizard is completed, click Finish.
  13. Go to the Administration Utilities menu and select IIS on it
  14. Select the page to be protected, click the right-hand mouse button, and select Properties
  15. Click on the Directory Security tab
  16. Click on the Server Certificate button in the Secure Communication section
  17. Select Process the Pending Request and Install the Certificate
  18. Retrieve the certificate you saved (MyCert.cer)
  19. Read the summary to be sure you selected the correct certificate
  20. Check that certificate chain is correct, open Certificate path tab
  21. To use the server certificate, you must restart the IIS service
  22. If you are using Microsoft ISA/TMG/UAG services, restart the server
  23. Check the operation of the protected pages by using the SSL port (default 443)

Back-up copying IIS 5

  1. Go to the Administration Utilities menu and select Internet Services Manager (IIS)
  2. Click on the page to be protected with the right-hand mouse button and select Properties
  3. Select the Directory Security tab and click on View Certificate. This opens the certificate
  4. Go to the Details tab and click on Copy to File
  5. This opens the Certificate export wizard; to move on in the back-up copying, click on Next
  6. You can take a back-up copy of the certificate either with or without the secret key. Select Yes to take a back-up copy of the key, also, and No if you do not want the secret key
  7. Select the format where the back-up copy is taken. The option "select default" on the page is enough. NOTE! Select "include all certificates in the certificate path if possible"
  8. If you chose to copy the secret key as well, you need to set a password for your back-up copy.
  9. Select a directory where the back-up copy is saved and name your back-up copy (for example, server name www.server.fi)
  10. Click on Finish and OK. The back-up copy of the certificate has now been successfully taken
  11. Copy file example to CD
  12. Keep CD on the safe place

Restoring from a back-up copy IIS 5

  1. Go to the Administration Utilities menu and select IIS on it
  2. Select the page to be protected, click on the right-hand mouse button and select Properties
  3. Select the Directory Security tab
  4. Click on the Server Certificate button in the Secure Communication section
  5. Install a certificate from a .pfx file
  6. Retrieve the back-up copy of the server certificate with the Browse button and select "mark this key as exportable"
  7. Give the password that protects the back-up copy
  8. Give the SSL port (port 443 is used as default)
  9. Check the information of the certificate and click on Next
  10. Click on Finish
  11. The certificate has been restored from the back-up copy

IIS 7

Step 1. Creating the certificate request with IIS 7

  1. Press Start button and open menu Administrative Tools. Choose Internet Information Services from the menu
  2. Click on the server name
  3. Double-click icon Server Certificates which is located in Security section of the middle-menu
  4. Choose from Actions menu on the right link CreateCertificate Request
  5. Fill in following information on Distinguished Name Properties window:
    1. Common Name: Fully qualified DNS-name or an IP-address
    2. Organization: Organizations name has to be exactly same as the name visible in Y-tunnus (Y-code/Finnish Business Identity Code/VAT Number database
    3. Organizational Unit: Can be left empty
    4. City/locality: Mandatory field
    5. State/province: Mandatory field
    6. Country/region: Must be a two-letter country code
  6. Use default values Microsoft RSA SChannel and 2048 on page Cryptographic Service Provider Properties.
  7. In File name page, insert a name for your CSR-file for example MyCertReq.txt
  8. Lastly, check the information you have given and exit by clicking on the Finish button
  9. Open the certificate request you made (MyCertReq.txt) with the Notepad program and copy the content to the order page . Do not copy spaces or blank rows!

Step 2. Installing the certificate IIS 7

  1. TeliaSonera CA sends a link to the customer from where the customer can retrieve the actual certificate
  2. Follow the instructions on the page to save the certificate on your computer e.g. under the name MyCert.cer
  3. Save TeliaSonera Intermadiate CA p7b-file to server from here under the name TS_intermediate.p7b
  4. Open Microsoft Management Console (MMC) Start -> Run -> type "mmc" and click "ok" or press enter
  5. Open add/remove snap-in File -> Add/Remove Snap-in
  6. Open Certificates Snap-in by clicking 'Add' and clicking 'Certificates'
  7. Select 'Computer Account' and click 'Next'
  8. Select 'Local Computer' and click 'Finish'
  9. Close 'Add Standalone Snap-in' windows and click 'OK'
  10. Expand the Certicate view by clicking plus (+) mark
  11. Right-click on 'Intermediate Certification Authorities', select 'All Tasks', then select 'Import'.
  12. Locate the intermadiate Certificate (TS_intermediate.p7b) and click Next. When the wizard is completed, click Finish.
  13. Go to the Administration Utilities menu and select IIS on it
  14. Select the page to be protected, click the right-hand mouse button, and select Properties
  15. Click on the Directory Security tab
  16. Click on the Server Certificate button in the Secure Communication section
  17. Select Process the Pending Request and Install the Certificate
  18. Retrieve the certificate you saved (MyCert.cer)
  19. Read the summary to be sure you selected the correct certificate
  20. Check that certificate chain is correct, open Certificate path tab
  21. In IIS, Select your Web site under Sites on the left-hand menu to display your site's Actions menu (right side of the page). Select Bindings
  22. Select Add from the Site Bindings window. If Type https is already listed, select it form the list and click Edit. The Add Site Binding window appears
  23. In the Add Site Binding window, set Type to https, IP address to All Unassigned, Port to 443. Specify the correct SSL certificate. Click OK.
  24. The Site Bindings window appears, showing the newly added binding. Click Close.
  25. Restart II7 on the left-hand menu
  26. If you are using Microsoft ISA/TMG/UAG services, restart the server
  27. Check the operation of the protected pages by using the SSL port (default 443)

Back-up copying IIS 7

  1. Press Start button and open menu Administrative Tools. Choose Internet Information Services from the menu
  2. Click on the server name
  3. Double-click icon Server Certificates which is located in Security section of the middle-menu
  4. Choose from Actions menu on the right link Export
  5. On Export Certificate window choose location where the store certificate back-up file and give a password for certificate back-file and click OK
  6. Store IIS 7 certificate back-up file carefully

Restoring certificate from back-up IIS 7

  1. Press Start button and open menu Administrative Tools. Choose Internet Information Services from the menu
  2. Click on the server name
  3. Double-click icon Server Certificates which is located in Server Certificates section of the middle-menu
  4. Choose from Actions menu on the right link Import
  5. On Import Certificate window choose location where the stored certificate back-up file is and give a password for certificate back-file and click OK
  6. Certificate is restored from back-up file


Intermediate certificate installation

  1. Open Microsoft Management Console (MMC) Start -> Run -> type "mmc" and click "ok" or press enter
  2. Open add/remove snap-in File -> Add/Remove Snap-in
  3. Open Certificates Snap-in by clicking 'Add' and clicking 'Certificates'
  4. Select 'Computer Account' and click 'Next'
  5. Select 'Local Computer' and click 'Finish'
  6. Close 'Add Standalone Snap-in' windows and click 'OK'
  7. Expand the Certicate view by clicking plus (+) mark
  8. Right-click on 'Intermediate Certification Authorities', select 'All Tasks', then select 'Import'.
  9. Locate the intermadiate Certificate (TS_intermediate.p7b) and click Next. When the wizard is completed, click Finish.




Microsoft pages