HINT: To request a production certificate while still using the 90-day test certificate that the MOVEit DMZ installation program installed in your moveitdmz IIS site, request the certificate from the default IIS site instead.
Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
Select the MOVEit DMZ server, then select Server Certificates.
Click Create Certificate Request... on the right.
In the Distinguished Names Properties window, enter the following:
Common Name: The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com).
Organization: The legally registered name of your organization/company.
Organizational unit: The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is left blank).
City/locality: The city in which your organization is located.
State/province: The state in which your organization is located.
Country/region: If needed, you can find your two-digit country code in our list.
Click Next.
In the Cryptographic Service Provider Properties window, enter the following information and then, click Next:
Cryptographic service provider: Select Microsoft RSA SChannel Cryptographic Provider, unless you have a specific cryptographic provider
Bit length: Select 2048 (or higher)
Browse to a location where you want to save the CSR file and enter a filename. If you just enter a filename without browsing to a location, your CSR will be saved in C:\Windows\System32. Remember the filename and location.
When you have received the certificate (typically several days later), then proceed to the next step.
Completing a Certificate Request
Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
Select the MOVEit DMZ server, then select Server Certificates.
Click Complete Certificate Request... on the right.
Browse to locate the certificate file (.cer or .crt extension), and enter a Friendly Name for the certificate.
Click OK to install the certificate.
Note: Due to a bug in IIS 7, you may see "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." or "Bad ASN1 tag." If you generated the CSR on this server, click OK and refresh the certificate list. In most cases the certificate will be installed correctly.
Select the website on the left, and click Bindings... on the right.
Click Add.
Change Type to https.
Select the site's IP address (or All Unassigned if this is the only site with an SSL certificate on this server).
Leave Port 443 unless you know you can change it.
For SSL certificate, select the certificate you installed. Click View to confirm the certificate.
Click OK to add the binding.
Click Close. The certificate is installed on the site.