Share via


Installing a certificate from a commercial certification authority

Applies To: Forefront Threat Management Gateway (TMG)

This procedure can be used to install a certificate obtained from a commercial certification authority only on the computer from which the certificate was requested.

To install a certificate from a commercial certification authority

  1. On the computer hosting the Web site that you plan to publish, click Start and then point to Administrative Tools. Click Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, expand Web Sites.

  3. Right-click the name of the Web site that has a pending certificate request and then click Properties.

  4. Click the Directory Security tab.

  5. In Secure Communications, click Server Certificate.

  6. On the Welcome to the Web Server Certificate Wizard page, click Next.

  7. Select Process the Pending Request and Install the Certificate and click Next.

  8. Type the path of the certificate response file (or locate the file by browsing to it), and then click Next.

  9. On the SSL Port page, select the SSL port that the Web site will use. By default, this is port 443.

  10. On the Certificate Summary page, review the information to ensure that you are processing the correct certificate, and then click Next.

  11. On the Completing the Web Server Certificate Wizard page, click Finish.

  12. Verify that the server certificate was properly installed by performing the following steps.

    1. Click Start, click Run, type mmc in the Open text box, and click OK.

    2. In the Console1 window, click the File menu and then click Add/Remove Snap-in.

    3. In the Add/Remove Snap-in dialog box, click Add.

    4. In the Add Standalone Snap-in dialog box, select Certificates and click Add.

    5. On the Certificates snap-in page, select Computer account and click Next.

    6. On the Select Computer page, select Local computer and click Finish.

    7. In the Add Standalone Snap-in dialog box, click Close.

    8. In the Add/Remove Snap-in dialog box, click OK.

    9. In the console tree, expand the Certificates (Local Computer) node, expand Personal, click Certificates, and double-click the new server certificate. On the General tab, there should be a note that says You have a private key that corresponds to this certificate. On the Certification Path tab, you should see a hierarchical relationship between your certificate and the certification authority (CA), and a note that says This certificate is OK.

    10. Close the Console1 window. Save the console settings with a descriptive name, such as LocalComputerCertificates.msc.

Note

  • If you want to install the certificate on a Forefront TMG computer, you must first install it on the Web server from which the certificate was requested, export the certificate to a file, copy the file to the Forefront TMG computer, and then import the certificate from the file.

  • After you successfully complete this procedure, you can export the certificate to a file that can be imported to another computer. For instructions, see Exporting a certificate from a Web server.

Concepts

Configuring server certificates for secure Web publishing