Contact a certificate authority (CA) to request an SSL certificate for use with Windows Server 2008 R2 Internet Information Services Version 7 (IIS7). You can use any CA; these four are among the best known:
- Network Solutions—www.networksolutions.com
Some certificate authorities provide Unified Communications certificates that allow the listing of multiple Subject Alternative Names (SAN) to secure multiple distinct hostnames in one certificate. The SAN option is not available when using the IIS certificate utility. The IIS utility supports only single-use certificates.
Step 7 In the File Name window, enter a filename for the certificate request < C:\Users\Administrator\Desktop\cert_request.txt >. The Certificate Authority that you choose will accept the request and “sign” it for you.
Step 8 Open the file that you created in Step 7. Store the complete request including the “Begin” and “End” sections and all dashes in a text file. Do not include any additional carriage returns after the final dash. The file will look like the following example. Click Finish.
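A pre-submission check for the request file saved in Step 7 and described in Step 8, added here as an example (it is not Cisco's or Microsoft's code). It assumes that one line ending after the END line is acceptable and treats further blank lines as the extra carriage returns the step warns about; `check_csr_text`, `der_claimed_length` and `make_sample` are hypothetical names, and the sample is a constructed zero-filled structure, not a real request.

```python
import base64
import re

LABELS = ("NEW CERTIFICATE REQUEST", "CERTIFICATE REQUEST")  # IIS writes the NEW form
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z ]+)-----$")

def der_claimed_length(der):
    """Total size promised by the outer DER SEQUENCE header, or None."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:
        return 2 + der[1]
    n = der[1] & 0x7F
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_csr_text(text):
    """Return the problems found in a saved CSR; an empty list means none."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines[-1] == "":          # assumption: one line ending after END is fine
        lines.pop()
    problems = []
    if lines and lines[-1].strip() == "":
        problems.append("extra blank lines after the END line")
        while lines and lines[-1].strip() == "":
            lines.pop()
    if not lines:
        return ["no request text found"]
    head, tail = BOUNDARY.match(lines[0]), BOUNDARY.match(lines[-1])
    if not (head and head.group(1) == "BEGIN" and head.group(2) in LABELS):
        problems.append("first line is not an intact BEGIN line")
    if not (tail and tail.group(1) == "END" and tail.group(2) in LABELS):
        problems.append("last line is not an intact END line")
    if problems:
        return problems
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:
        return ["body is not valid base64 (truncated or edited)"]
    if der_claimed_length(der) != len(der):
        return ["decoded body is not one complete DER structure"]
    return []

def make_sample(label="NEW CERTIFICATE REQUEST"):
    """Constructed stand-in (zero-filled DER SEQUENCE), not a real request."""
    b64 = base64.b64encode(b"\x30\x81\x90" + bytes(144)).decode()
    body = "\r\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\r\n%s\r\n-----END %s-----\r\n" % (label, body, label)
```

The check covers framing and completeness only; it does not parse the subject or verify the request's signature, which the CA does on submission.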
Step 1 Request an SSL certificate from a certificate authority (CA). See Before You Begin for a list of recommended CA vendors.
Step 2 When you reach the CA screen that requests the certificate signing, paste (or upload) the text file that you created in Step 8.
Step 4 The CA will provide two files: the intermediate certificate (PKCS #7 Certificates) and the server certificate (Security Certificate). Each certificate must be installed separately to complete the signing process. Copy both files to the Content Server IIS.
Note Make certain that you properly identify and copy the two certificate files. The intermediate certificate (PKCS #7 Certificates) includes all of the necessary intermediate certificates. The Security Certificate is the server certificate.
Note If you incorrectly choose the Server certificate at this step, you will need to start over at Step 7. You will need to create a new cert_request.txt file, and request a certificate re-key from the CA (the CA will revoke the original key and reissue a new key).
Step 12 In the Certificate Store window, click the Place all certificates in the following store radio button. Confirm that Intermediate Certification Authorities is displayed in the Certificate store field. Click Next.
Step 8 In the Edit Site Binding window, from the SSL certificate drop-down menu, choose the certificate with the friendly name that you entered in Step 4.
Note If you do not see the friendly name certificate that you created in Step 4, confirm that you have correctly completed all previous steps in this procedure.
If you use a self-signed certificate for the Content Server, client browsers will generate an error stating that the signing certificate authority is unknown and not trusted. Because of the certificate-error message, you should develop an appropriate workaround that is consistent with your security policies for all users who access the Content Server.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.