This example shows how to obtain a test server certificate online
from VeriSign for Microsoft Internet Information Server 4.0.
To generate a public and
private key pair and CSR for a Microsoft Internet Information
1. Open the Microsoft Management Console (MMC) for IIS. On Windows
NT, this can be reached by selecting Start-Programs-Windows NT 4.0
Option Pack-Microsoft Internet Information Server-Internet Service
2. In the MMC, expand the Internet Information Server folder by
selecting the "+" sign.
3. After expanding this folder, select the "+" sign next to the
4. The Default Web Site should now be available. Right-click
the icon and choose Properties.
5. In the Default Web Site Properties, choose Directory
6. In the Secure Communications area of this Property Sheet,
select the Key Manager button.
If the button reads "edit" instead of "Key Manager", you already
have an encryption certificate for the WWW Service installed.
7. Once you are in the Key Manager, right-click the WWW icon and
select "Create New Key..."
8. The Create New Key dialog appears. You will see two
configuration options in this dialog. Choose "Put the request in a
file that you will send to an authority." Select an appropriate
filename (or accept the default). Later, you will need to copy
information in this file into a form on the VeriSign web site.
9. Fill out the next dialog. The key length available will depend
on the level of encryption on your version of NT Server. Normally,
domestic (US and Canadian) versions of NT will have 128-bit
encryption available and export versions of NT will have 40-bit.
The installation of NT Service Packs may affect this, as Service
Packs come in both 128-bit and 40-bit versions.
Remember the password you enter. Without it, you will not be able
to perform actions that access your private key material (for
example, backing up or restoring a key).
10. Continue filling out the dialog. The "Common Name" of the
certificate MUST be either the name of the NT Server (if using
WINS) or the domain name of the server if on the Internet. For
For every website that has a distinct DNS name, there must be an
encryption key installed. However, each website for SSL MUST have
a distinct IP address as well. SSL does not support the use of
host headers.
11. Continue form completion with Country, State and Locality.
Do NOT abbreviate the state name. Your request will be rejected if
you do so.
12. Supply the appropriate contact information and Finish.
Key Manager will display a key icon under the WWW icon. The key
will have an orange slash through it indicating it is not complete.
13. Choose the "Computers" menu and select Exit. Choose YES when
asked to commit changes.
If you close Key Manager and do not commit the changes, the key
will not function properly. If this occurs, delete the partial key
in Key Manager and create the request again.
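
The naming and addressing rules in the Common Name and State steps can be checked before any request is created. The following is an added example, not part of the original instructions or of any VeriSign or Microsoft tool; the site list, field names and the abbreviation heuristic are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: the SSL sites planned for one IIS server.
# Field names are assumptions for this example, not IIS settings.
SITES = [
    {"dns_name": "www.example.com", "ip": "192.0.2.10",
     "common_name": "www.example.com", "state": "California"},
    {"dns_name": "shop.example.com", "ip": "192.0.2.10",
     "common_name": "shop.example.com", "state": "CA"},
    {"dns_name": "mail.example.com", "ip": "192.0.2.11",
     "common_name": "www.example.com", "state": "Ontario"},
]


def looks_abbreviated(state):
    """Heuristic (assumption): two letters or fewer, or a trailing period."""
    state = state.strip()
    return len(state.rstrip(".")) <= 2 or state.endswith(".")


def check_requests(sites):
    """Return (dns_name, problem) tuples for requests that break the rules above."""
    problems = []
    by_ip = defaultdict(list)
    for site in sites:
        name = site["dns_name"].strip().lower()
        by_ip[site["ip"]].append(name)
        # The Common Name must be the name clients use to reach the server.
        if site["common_name"].strip().lower() != name:
            problems.append((name, "common name does not match server name"))
        # An abbreviated state name gets the request rejected.
        if looks_abbreviated(site["state"]):
            problems.append((name, "state name is abbreviated"))
    # SSL cannot use host headers, so SSL sites must not share an IP address.
    for ip, names in by_ip.items():
        if len(names) > 1:
            for name in names:
                problems.append((name, f"shares IP address {ip} with another SSL site"))
    return problems


if __name__ == "__main__":
    for name, problem in check_requests(SITES):
        print(f"{name}: {problem}")
```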