Use the ÃÛÌÒTV® Certificate Utility for Windows to create a CSR and install your SSL certificate
on Windows Server 2008
These instructions explain how to use the ÃÛÌÒTV Certificate Utility for Windows with IIS 7 to create your CSR, to install your SSL certificate, and to configure your Windows Server 2008 to use the certificate.
ÃÛÌÒTV Certificate Utility for WindowsFor a simpler way to create your CSRs (Certificate Signing Requests) and install and manage your SSL certificates, we recommend that you use the ÃÛÌÒTV Certificate Utility. For more information about our utility, see ÃÛÌÒTV Certificate Utility.
Use the instructions on this page to create your certificate signing request (CSR) and to install and configure your SSL certificate.
-
To create your CSR, see Windows Server 2008: Creating Your CSR with the ÃÛÌÒTV Utility.
-
To install your SSL certificate, see Windows Server 2008: Using the ÃÛÌÒTV Utility & IIS 7 to Install and Configure Your SSL Certificate.
If you prefer not to use the ÃÛÌÒTV Utility, or for some reason cannot use the utility, see IIS 7: Create CSR and Install SSL Certificate.
Step 1: Create Your CSR on Windows Server 2008 with the ÃÛÌÒTV Utility
The ÃÛÌÒTV Certificate Utility for Windows streamlines the CSR creation process by providing easy, one-click CSR creation and certificate installation.
How to Create Your CSR with the ÃÛÌÒTV Utility
-
On your Windows Server 2008, download and save the ÃÛÌÒTV Certificate Utility executable (ÃÛÌÒTVUtil.exe).
-
Open the ÃÛÌÒTV Certificate Utility (double-click ÃÛÌÒTVUtil).
-
In the ÃÛÌÒTV Certificate Utility for Windows©, click SSL (gold lock), and then, click Create CSR.
-
On the Create CSR page, provide the following information below and then click Generate.
Certificate Type: Select SSL. Common Name: The fully-qualified domain name (FQDN) (e.g., www.example.com). Subject Alternative Names: If you are requesting a Multi-Domain (SAN) Certificate, enter any SANs that you want to include
(e.g., www.example.com, www.example2.com, and www.example3.net).Organization: Your company¡¯s legally registered name (e.g., YourCompany, Inc.). Department: The name of your department within the organization. This entry will usually be listed as "IT", "Web Security", or is simply left blank. City: The city where your company is legally located. State: Use the drop-down list to select the state where your company is legally located.
Note: If your company is located outside the US, you can type the applicable name in the box.Country: Use the drop-down list to select the country where your company is legally located. Key Size: In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length). Provider: In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider). -
On ÃÛÌÒTV Certificate Utility for Windows© - Create CSR page, do one of the following:
Click Copy CSR. Copies the certificate contents to the clipboard. Use this option if you are ready to paste the CSR into the ÃÛÌÒTV order form.
Note: Because the ÃÛÌÒTV Certificate Utility does not store CSRs, we recommend you paste the CSR into a text editor (such as Notepad) when using this option. If you close the CSR page and accidentally overwrite the clipboard contents without doing this, you will need to generate a new CSR.Click Save to File. Saves the CSR as a .txt file to the Windows Server 2008. (We recommend using this option.) -
Click Close.
-
If you saved the CSR to a file, open the CSR file using a text editor (such as Notepad). Then, copy the text (including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags), and paste it into the ÃÛÌÒTV order form.
Ready to order your SSL certificate
Learn More -
After receiving your SSL certificate from ÃÛÌÒTV, you can use the ÃÛÌÒTV Certificate Utility to install it.
Step 2: Install Your SSL Certificate on Windows Server 2008 Using the ÃÛÌÒTV Utility
If you haven¡¯t created your CSR with the ÃÛÌÒTV Certificate Utility and ordered your SSL certificate, see?Windows Server 2008: Creating Your CSR with the ÃÛÌÒTV Utility.
After ÃÛÌÒTV validates your order and issues your SSL certificate, you can use the ÃÛÌÒTV Certificate Utility to install the certificate file to your Windows Server 2008. Then you can use IIS 7 to configure the server to use it.
To install your SSL certificate on your Windows Server 2008, complete the steps below.
i. Import Your SSL Certificate Using the ÃÛÌÒTV Certificate Utility
After ÃÛÌÒTV issues your SSL certificate, you can use the ÃÛÌÒTV Certificate Utility to install the certificate file to your Windows Server 2008.
How to Import an SSL Certificate to Your Windows Server 2008
-
On the Windows 2008 server, where you created the CSR, extract the contents of the ZIP file you received from ÃÛÌÒTV (e.g., your_domain_com.cer) to the folder where you saved the ÃÛÌÒTV Certificate Utility executable (ÃÛÌÒTVUtil.exe).
-
Open the ÃÛÌÒTV Certificate Utility (double-click ÃÛÌÒTVUtil).
-
In the ÃÛÌÒTV Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.
-
In the Certificate Import wizard, click Browse to locate the .cer certificate file you received from ÃÛÌÒTV (e.g., your_domain_com.cer), and click Open.
-
Click Next
-
In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.
Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate. We recommend that you add the issuing CA (e.g., ÃÛÌÒTV) and the expiration date to the end of your friendly name; for example, yoursite-digicert-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
-
To import the SSL certificate to your server, click Finish.
-
You should receive a message that the certificate was successfully imported, and you should now see your SSL certificate in the ÃÛÌÒTV Certificate Utility for Windows©.
-
Now that you've successfully installed your SSL certificate, you need to assign the certificate to the appropriate site.
ii. Configure the Server to Use Your SSL Certificate Using IIS 7
After importing your SSL certificate to your Windows Server 2008, you must configure IIS to use the newly imported certificate to secure your website.
How to configure the server to use your SSL certificate
-
On the Windows Server 2008 where you imported your SSL certificate with the ÃÛÌÒTV Certificate Utility, open Internet Information Services (IIS) Manager (click Start > Administrative Tools > Internet Information Services (IIS) Manager).
-
In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
-
In the Actions menu (right pane), click Bindings.
-
In the Site Bindings window, click Add.
-
In the Add Site Binding window, do the following and then click OK.
Type: In the drop-down list, select https. IP address: In the drop-down list, select the IP address of the site or select All Unassigned. Port: Type 443. (SSL uses port 443 to secure traffic.) SSL certificate: In the drop-down list, select your new SSL certificate (e.g., yourdomain.com). -
Your SSL certificate is now installed, and the website is configured to accept secure connections.
Note: To enable your SSL certificate for use on other Windows servers, see PFX export instructions.
Test Installation
If your website is publicly accessible, our ÃÛÌÒTV® SSL Installation Diagnostic Tool can help you diagnose common problems.
Additional Information
-
To enable your SSL certificate for use on other Windows servers, see PFX export instructions.
-
For instructions on disabling the SSLv3 protocol, see Microsoft IIS: Disabling the SSL v3 Protocol.