Create a Domain Server Certificate in IIS 7

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

A domain certificate is an internal certificate that does not have to be issued by an external certification authority (CA). If your Windows domain has a server that acts as a CA, you can create a domain certificate. This approach helps you reduce the cost of issuing certificates and eases certificate deployment.

Note

You must correctly configure the domain certificate to make sure that your Web browser recognizes it as a trusted certificate.

Prerequisites

For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Server Certificates Feature Requirements (IIS 7).

Exceptions to Feature Requirements

  • None

To create a domain certificate

User Interface

You can perform this procedure by using the user interface (UI).

To use the UI

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

  2. In Features View, double-click Server Certificates.

  3. In the Actions pane, click Create Domain Certificate.

  4. On the Distinguished Name Properties page of the Create Certificate Wizard, type the following information and then click Next:

    • In the Common name box, type a name for the certificate.

    • In the Organization box, type the name of the organization in which the certificate will be used.

    • In the Organizational unit box, type the name of the organizational unit in the organization in which the certificate will be used.

    • In the City/locality box, type the unabbreviated name of the city or locality where your organization or organizational unit is located.

    • In the State/province box, type the unabbreviated name of the state or province where your organization or organizational unit is located.

    • In the Country/region box, type the name of the country or region where your organization or organizational unit is located.

  5. On the Online Certification Authority page, in the Specify Online Certification Authority box, type the name of a certification authority (CA) server in your Windows domain, or click Select to search for a CA server in the domain.

Note

The Select button will be enabled only if a certification authority is correctly configured and exists on the domain.

  1. In the Friendly name box, type a friendly name for the certificate and then click Finish. You must provide a friendly name for the certificate.

Command Line

None

Configuration

None

WMI

Use the following WMI classes, methods, or properties to perform this procedure:

  • None

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.

See Also

Concepts

Configuring Server Certificates in IIS 7