Share via


Importing a certificate to a Forefront TMG computer

Applies To: Forefront Threat Management Gateway (TMG)

Before performing this task, you must export the certificate to a file from the Web server on which the certificate was requested and installed, and you must copy the file to the Forefront TMG computer.

To import a certificate to a Forefront TMG computer

  1. On the Forefront TMG computer, click Start, click Run, type mmc in the Open text box, and click OK.

  2. In the Console1 window, click the File menu and then click Add/Remove Snap-in.

  3. In the Add/Remove Snap-in dialog box, click Add.

  4. In the Add Standalone Snap-in dialog box, select Certificates and click Add.

  5. On the Certificates snap-in page, select Computer account and click Next.

  6. On the Select Computer page, select Local computer and click Finish.

  7. In the Add Standalone Snap-in dialog box, click Close.

  8. In the Add/Remove Snap-in dialog box, click OK.

  9. In the console tree, expand the Certificates (Local Computer) node, and right-click Personal.

  10. Select All Tasks, and then click Import.

  11. On the Welcome to the Certificate Import Wizard page, click Next.

  12. On the File to Import page, browse to the file that you previously created when you exported the certificate, and then click Next.

  13. On the Password page, type the password for this file, and then click Next.

    Important

    The Password page provides the option Mark this key as exportable. If you want to prevent exporting of the key from the Forefront TMG computer, do not select this option.

  14. On the Certificate Store page, verify that Place all certificates in the following store is selected and that Certificate Store is set to Personal (the default settings), and then click Next.

  15. On the Completing the Certificate Import Wizard page, click Finish.

  16. Verify that the server certificate was properly installed by performing the following steps:

    1. Click Start, click Run, type mmc in the Open text box, and click OK.

    2. In the Console1 window, click the File menu and then click Add/Remove Snap-in.

    3. In the Add/Remove Snap-in dialog box, click Add.

    4. In the Add Standalone Snap-in dialog box, select Certificates and click Add.

    5. On the Certificates snap-in page, select Computer account and click Next.

    6. On the Select Computer page, select Local computer and click Finish.

    7. In the Add Standalone Snap-in dialog box, click Close.

    8. In the Add/Remove Snap-in dialog box, click OK.

    9. In the console tree, expand the Certificates (Local Computer) node, expand Personal, click Certificates, and double-click the new server certificate. On the General tab, there should be a note that says You have a private key that corresponds to this certificate. On the Certification Path tab, you should see a hierarchical relationship between your certificate and the certification authority (CA) and a note that says This certificate is OK.

    10. Close the Console1 window.

    Note

    After you successfully complete this procedure, you can remove the certificate from the Web server on which the certificate was requested and installed.

Concepts

Configuring server certificates for secure Web publishing