Microsoft Internet Information Server Certification

Microsoft® Internet Information Server (IIS) must first install a Certificate Authority (CA) certificate according to the process described in Server Installation of CA Certificates. Then a server certificate must be obtained.

The process of requesting and installing a server certificate for IIS can be accomplished using IIS Key Manager and the CertReq program. Key Manager is used to generate a certificate request for the server certificate and CertReq is used to submit the certificate request.

Note In this release, the Web Server Enrollment Page can also be used to submit the certificate request.

To generate a certificate request file using Key Manager

1. Start IIS Internet Server Manager
   
   
2. Access the IIS virtual root.
   
   
3. Run IIS Key Manager from the Internet Service Manager user interface. (There is a toolbar button for Key Manager in the Microsoft Management Console, for which Internet Service Manager is a snap-in.)
   
   
4. Use Key Manager to generate a key pair and certificate request. The request file, NewKey.req, will be created in the root directory.

To submit the certificate request to Microsoft Certificate Server and obtain a server certificate, run CertReq by entering the following at the command prompt:

certreq NewKey.req NewCert.crt

For more information on CertReq see Requesting Certificates with CertReq.

If Certificate Server accepts the request submitted by CertReq, the certificate file NewCert.crt will be created. The certificate file can then be installed into IIS using Key Manager. Once installed, the server certificate will allow any client to perform server authentication when accessing the server after the client installs the CA certificate and completes an enrollment process that installs a client certificate in its application. For more information, see Web Browser Certification.

© 1997 by Microsoft Corporation. All rights reserved.