Certificates – SSL

How to export a SSL certificate from Windows 2000 / 2003 server?

http://www.webhostingtalk.com/showthread.php?t=244062

Moving an SSL certificate from Windows 2003 Server to Windows Server 2008
http://www.jppinto.com/2009/04/moving-ssl-certificate-fwindows-2003-server-windows-server-2008/

—————
Procedure for CSR Creation / SSL Certificate Installation

Please follow this exact procedure whenever creating a CSR and installing a SSL cert for a site. This doesn’t matter if the CSR is for a new cert or a renewal cert.
[edit]
Creating the CSR

1. On the server where the site is hosted, create a temporary site in IIS (do NOT use Helm for this). This site will be used to create the CSR and install the SSL cert on the server. For the IP / Port bindings, just use any IP on the server and an un-used port number. Set the path to c:\inetpub\wwwroot. The site does not actually have to be functional in IIS, it’s just a place holder for the CSR and the SSL cert initially.
* Use this naming scheme to create the temporary site:
* csr_$TICKET ID#_domainname
2. Generate the CSR on the csr_domainname site in IIS. You accomplish this by right clicking on the site, going to properties and then directory security tab. Click on ‘Server Certificate’ and follow the wizard. Create a new certificate. Set the bit length to 2048.
* Save the SSL request to this folder, using this naming scheme:
* c:\ssl requests\csr_domain_MMDDYY.txt where MMDDYY is the current date.
3. Now, we will backup the certificate request private key. To load up the Certificates MMC, follow this procedure: Go to Start -> Run -> mmc. Go to Console -> Add/Remove Snap In -> Click ‘Add’ -> Select ‘Certificates’, Click ‘Add’ -> Choose ‘Computer Account’, Click Next -> Click Finish -> Click Close -> Click OK.
4. Expand the Certificates tab and go to the Certificate Enrollment Requests -> Certificates folder. You should see a certificate that corresponds to the common name of the CSR you just generated. Right click on that and go to All Tasks -> Export -> Click Next -> Yes, export the private key -> Click Next -> Leave the password blank, click Next -> for the file name, use this format:
* c:\ssl requests\private_domain_MMDDYY.pfx

[edit]
Installing the SSL Certificate

1. Once the customer has replied back with the SSL certificate, save the cert in this format on the server:
* c:\ssl requests\cert_domain_MMDDYY.cer
2. Open the IIS MMC and go to the csr_domain site. Install the SSL cert to that site using the Certificates Wizard. Right click on the site and go to properties -> directory security tab -> click “server certificate” -> click next -> click next -> enter the path to the certificate, click next -> finish the wizard.
3. Delete the temp site from IIS.
4. Go to the customer’s actual site in IIS and assign the certificate. Right click on the site and go to properties -> directory security tab -> click “server certificate” -> choose -> “assign an existing certificate” or “replace the current certificate” -> find the certificate you installed in step 2 and then click next -> confirm you have the proper SSL cert, particularly that the exp date is proper, click next -> click finish.
5. Now, view the certificate and ensure that a private key corresponds to the cert. If one does not, revert back to the previous SSL cert installed on the site and escalate the ticket.
6. Go to the Web Site tab and confirm that the proper TCP/IP bindings are in place for the SSL site to function on a dedicated IP. If the site does not have a dedicated IP, move it to one using Helm and add the necessary SSL bindings.
7. Now, we will also export a combined certificate. To load up the Certificates MMC, follow this procedure: Go to Start -> Run -> mmc. Go to Console -> Add/Remove Snap In -> Click “Add” -> Select “Certificates”, Click “Add” -> Choose “Computer Account”, Click Next -> Click Finish -> Click Close -> Click OK.
8. Expand the Certificates tab and go to the Personal -> Certificates folder. Find the certificate you just installed. Right click on that and go to All Tasks -> Export -> Click Next -> Yes, export the private key -> Click Next -> Leave the password blank, click Next -> for the file name, use this format:
* c:\ssl requests\combined_domain_MMDDYY.pfx

[edit]
Installing the SSL Certificate on IIS7

1. From Digicert:

http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
——————————————————————————————
SSL installation – SAMPLE
1.
Q: When I try to use the CSR generated from H-SPHERE, I get the following message.
“The CSR key length must be 2048 or 4096”
How can I get a CSR longer?

A: Hi,

It is not possible to generate 2048 key length CSR through your control panel. In order to generate CSR for your domain Kindly provide us the details below to proceed.

1. Common Name(your full domain name “www.example.com” )
2. Company
5. Organization Unit
4. City or Locality
5. State or Province
6. Country

2.
Q:
1. Common Name: pssssss.com
2. Company: ABC company
5. Organization Unit: LTD
4. City or Locality: Nasdfvc
5. State or Province: superman
6. Country: UAS

A: Hi,

Thank you for providing the details we are in the process of generating the CSR and you will be updated once the key has been generated.

3.
A: Hi,

I have attached the CSR file along with this mail. Kindly check now and let us know for further assistance.

—–BEGIN NEW CERTIFICATE REQUEST—–
MIIEWDCCA0ACAQAweDELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCVRlbm5lc3NlZTES
MBAGA1UEBxMJTmgfhfdhMRowGAYDVQQKExFGcmFuY2lzIGFuZCBMdXNreTEM
MAoGA1UECxMDTExDMRcwFQYDVQQDEw5wcm9tb3ZpbGxlLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALPHqYwW/tysNhrYE9/gXoRyBpMrIE72LSvI
MJnTHLCcor8x3Lu1FJrc9PdJuNgYveGwTE7RiNhFT5XiIFv188vDv8IugaiWyS/8
f2KBsQtCPy9bLVNyC+wSQWTiEvgcxdRRBmgGJCF9xzSQjOm5tpvAtRcuASYxp
fQVMdkKJLFN7A35oM7PC9GBbDJUeM29Ws24nvS1I8u+zwP3+HH5cvcrMv0Hd4DH8
UILOaTqWrVBRsZtnIUpo7VJXWnLCZX38iLJPLakNtG5kZ0OBMJMKivjYAqY8twjY
KjX6HZROuDA93QZLlEl7kn/CBPxMqRaZ2xZcicRQ6X0uRXmp268CAwEAAaCCAZkw
GgYKKwYBBAGCNw0CAzEMFgo1LjIuMzc5MC4yMHsGCisGAQQBgjcCAQ4xbTBrMA4G
A1UdDwEB/wQEAwIE8DBEBgkqhkiG9w0BCQ8ENzA1MA4GCCqGSIb3DQMCAgIAgDAO
BggqhkiG9w0DBAICujgfjugfkjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAkjbtftrsAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBBQUAA4IBAQCKr41k
mdzUThDcP4CRayuu3j20p0ZPcZNpV1bsoJabajPlUqroloL0Q42/tMwGXo3P/O5u
+xE+8XbK3r7y6MHcqhoqOE1/ioU9Thj/bqkc2Gzt3fbIaBqFcvxmQV2y+8VLPdG1
eQuZH7wjghgnRbIH/drRznoVkCVLoh7C4W1P5Lbh9
XXtdh49Z5EFDinNBvgeKcxnOVlXXTgCEpGE2BNb44uMb1ZgIJZBKE3lRWXmBnkmT
BSEz++DdI7tmuy0Y
—–END NEW CERTIFICATE REQUEST—–
————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s