System Configuration - SSL and SSH - SSL - Server Certs - CSRs

Creating a CSR (Certificate Signing Request)

Start with a server that does not have an SSL certificate or remove the current SSL certificate.

HINT: To request a production certificate while still using the 90-day test certificate the MOVEit DMZ installation program installed in your "moveitdmz" IIS site , request the certificate from the "default" IIS site instead.

Click Start -> Programs -> Administrative Tools -> Internet Information Services Manager (IIS Manager). Select the web site you wish to work with and Right-Click then select Properties. Click on the Directory Security tab then click Server Certificate.... This will start the Web Server Certificate Wizard.

Select Create a new certificate and click Next.

ssl27.png (10717 bytes)

Select Prepare the request now, but send later and click Next.

ssl28.png (10740 bytes)

Select the name and security strength (1024 bit at least) and click Next.

ssl29.png (11771 bytes)

Type your Organization Information and click Next.

ssl31.png (11280 bytes)

Type the Common Name that will be used for this certificate and click Next. This is the Fully Qualified Domain Name (FQDN) for your MOVEit DMZ site, for example moveitdmz.com. Make sure to have the name approved with the DNS administrator before sending the CSR to the Certificate Authority.

ssl32.png (10361 bytes)

Type the Geographical Information that will be used for this certificate and click Next

ssl33.png (10418 bytes)

Select the filename to be used for the certificate request and click Next.

ssl34.png (8922 bytes)

Verify the certificate from the Summary information and click Next.

ssl36.png (10626 bytes)

Click Finish to finalize your CSR. You will now need to send the CSR to a Certificate Authority of your choice.


Installing the Certificate (after receiving the file from a CA)

When you have received the certificate (typically several days later), then proceed to the next step.

Start with a server that has a pending request. Click Start -> Programs -> Administrative Tools -> Internet Information Services Manager (IIS Manager). Select the web site you wish to work with and Right-Click then select Properties. Click on the Directory Security tab then click Server Certificate.... This will start the Web Server Certificate Wizard.

Select Process the pending request and install certificate and click Next.

ssl38.png (9772 bytes)

Select the path and filename of the response that was sent from the Certificate Authority.

ssl39.png (9867 bytes)

Choose to install the certificate using Port 443 and then click Finish.

HINT: If you performed this procedure on your "default" IIS site to because you were still using the MOVEit DMZ 90-day test certificate, you should now move your new cert over to your "moveitdmz" IIS site. First, go to the "Directory Security" tab on the "default" IIS site, click "Server Certificate..." and select the "Remove" action. Next, open the "moveitdmz" IIS site's properties, go to the "Directory Security" tab, click "Server Certificate..." and select the "Replace" (or "Assign") action. Finally, select the certificate you requested and installed from the "default" IIS site.

The certificate now needs to be assigned to the MOVEit DMZ FTP Server.