Cisco SCA 11000 Series Secure Content Accelerators

How to Import a Microsoft IIS 4.0 Certificate and Key into the Secure Content Accelerator Configuration Manager

Document ID: 3996

Updated: May 12, 2004



In order to configure the Secure Content Accelerator (SCA), you need to create or import a certificate and a key. To reuse a Microsoft Internet Information Server (IIS) 4.0 certificate and key, you must export the certificate and key, then import the certificate and key into the SCA Configuration Manager. This document provides instructions on how to perform the export and import tasks.



There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.


For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Main Task


In this section, you are presented with the information to configure the features described in this document.

You need to retrieve the certificate file and the keys. After you have done so, import the certificate and keys into the SCA Configuration Manager.

Step-by-Step Instructions for IIS 4.0

If the certificate file is in the directory specified when the certificate was downloaded from the Certificate Authority (CA), complete these steps:

  1. Double-click the certificate file to open the viewer.

  2. Click the Details tab.

  3. Click Copy to file. The Certificate Manager Export Wizard opens.

  4. Click Next.

  5. Select the DER-encoded binary X.509 radio button.

  6. Click Next.

  7. Specify a file name and location.

  8. Click Next.

  9. Click Finish.

  10. Click OK when you see the successful completion notice.

  11. Exit the Certificate Manager Export Wizard.

  12. Close the certificate viewer.

Additional Step-by-Step Instructions for IIS 4.0

If the keys are located within the key ring, or key manager program, complete these steps:

  1. Select Start -> Programs -> Windows NT 4.0 Option Pack -> Microsoft Internet Information Server -> Internet Service Manager. The Microsoft Management Console opens.

  2. Navigate to the Web site using the object list.

  3. Right-click the Web site key ring object.

  4. Click Properties in the shortcut menu.

  5. Click the Directory Security tab.

  6. Click Edit in the Secure Communication panel.

  7. Click Key Manager.

  8. Click the key to export.

  9. On the Key menu, point to Export Key.

  10. Click Backup File.

  11. Read the security warning.

  12. Click OK.

  13. Select a file location and enter a file name.

  14. Click Save.

  15. Exit the Internet Service Manager.

Step-by-Step Instructions for SCA Configuration Manager

Use the SCA Configuration Manager to import the certificate and keys:

  1. Start the SCA Configuration Manager by running the program cscacfg.

  2. At the SCA prompt, issue the attach ip ip address of SCA command.

  3. At the SCA prompt, issue the configure command.

  4. Press Enter.

  5. At the (config[SCA-1]) prompt, issue the ssl command.

  6. Press Enter.

  7. At the (config-ssl[SCA-1]) prompt, issue the key name create command.

  8. Press Enter.

    This will create a named key association for the certificate and key you retrieved from your IIS 4.0 server.

    In 3.0.5, the key command replaced the keyassoc command.

  9. Import the certificate and key you retrieved from your IIS 4.0 server by issuing the command net-iis.

  10. Press Enter.

    You will be presented with this prompt:

    Enter DER encoded X509 certificate filename exported from IIS: a:\mycert.cer  
    !--- You must enter the location and name of the certificate. 
    Enter private key filename exported from IIS: a:\mykey.key 
    !--- You must enter the location and name of the key.


There is currently no verification procedure available for this configuration.


There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: May 12, 2004
Document ID: 3996