Previous Topic

Next Topic

Book Contents

Book Index

SSL - Server Certs - CSRs

Creating a CSR (Certificate Signing Request)

Start with a server that does not have an SSL certificate or remove the current SSL certificate.

HINT: To request a production certificate while still using the 90-day test certificate that the MOVEit DMZ installation program installed in your moveitdmz IIS site, request the certificate from the default IIS site instead.

  1. Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Select the MOVEit DMZ server, then select Server Certificates.

    Embedded OLE File Template, D50, H100

  3. Click Create Certificate Request... on the right.

    AdminGuide_CSRs_06

  4. In the Distinguished Names Properties window, enter the following:
  5. Click Next.
  6. In the Cryptographic Service Provider Properties window, enter the following information and then, click Next:
  7. Browse to a location where you want to save the CSR file and enter a filename. If you just enter a filename without browsing to a location, your CSR will be saved in C:\Windows\System32. Remember the filename and location.
  8. Click Finish to finalize the CSR. You will now need to send the CSR to a Certificate Authority of your choice.

When you have received the certificate (typically several days later), then proceed to the next step.

Completing a Certificate Request

  1. Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Select the MOVEit DMZ server, then select Server Certificates.

    Embedded OLE File Template, D50, H100

  3. Click Complete Certificate Request... on the right.

    AdminGuide_CSRs_02

  4. Browse to locate the certificate file (.cer or .crt extension), and enter a Friendly Name for the certificate.

    AdminGuide_CSRs_03

  5. Click OK to install the certificate.

    Note: Due to a bug in IIS 7, you may see "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." or "Bad ASN1 tag." If you generated the CSR on this server, click OK and refresh the certificate list. In most cases the certificate will be installed correctly.

  6. Select the website on the left, and click Bindings... on the right.

    AdminGuide_CSRs_04

  7. Click Add.
  8. Change Type to https.

    Select the site's IP address (or All Unassigned if this is the only site with an SSL certificate on this server).

    Leave Port 443 unless you know you can change it.

    For SSL certificate, select the certificate you installed. Click View to confirm the certificate.

    AdminGuide_CSRs_05

  9. Click OK to add the binding.
  10. Click Close. The certificate is installed on the site.