Installing a local server certificate

This procedure is performed on the computer that requires the digital certificate. In the case of Web publishing, this will be the ISA Server computer, at a minimum, and may also include the Web server computer. In the case of server publishing, this will be only the server computer that you are publishing. If you installed a stand-alone root CA rather than an enterprise root CA, there are also actions that take place on the certification authority.

Install a local server certificate

  1. Open Microsoft Internet Explorer.

  2. On the Tools menu, click Internet Options.

  3. On the Security tab, under Select a Web content zone to specify its security settings, click Trusted Sites.

  4. Click the Sites button to open the Trusted sites dialog box.

  5. In the Add this Web site to the zone box, type the certificate server Web site name (http://IP_Address_Of_Certification_Authority_Server/certsrvname), and then click Add.

  6. Click OK to close the Trusted sites dialog box, and then click OK to close Internet Options.

  7. Browse to: http://IP_Address_Of_Certification_Authority_Server/certsrv.

  8. Request a certificate.

  9. Select Advanced Certificate Request.

  10. Select Create and submit a request to this CA (Windows Server 2003 CA), or Submit a certificate request to this CA using a form (Windows 2000 Server CA).

  11. Complete the form and, in the Type box, select Server Authentication Certificate.

    To avoid the client receiving an error when trying to connect, it is critical that the common name you provide for the certificate matches the published server name, as follows:

    • For Web publishing, for a certificate on the ISA Server computer, type the fully-qualified host name or URL that external clients will type in their Web browser to access the Web site, for example

    • For Web publishing, if you are also installing a server certificate on the Web server in addition to the certificate required on the ISA Server computer, the common name is the name that the ISA Server computer uses to access the Web server through the Web publishing rule. This should be the fully-qualified domain name (FQDN) of the Web server, such as

  12. Select Store Certificate in the local computer certificate store (Windows Server 2003 CA) or Use local machine store (Windows 2000 Server CA), and then click Submit to submit the request.

  13. Review the warning dialog box that appears, and then click Yes.

  14. If you installed a stand-alone root CA, perform the following steps on the certification authority computer. These steps are automated in an enterprise root CA.

    1. Click Start, point to All Programs, point to Administrative Tools, and then click Certification Authority.

    2. Expand the CAName certificates node, where CAName is the name of your CA.

    3. Click the Pending requests node, right-click your request, click All Tasks, and then click Issue.

  15. On the ISA Server computer, return to the Web page http://IP_Address_Of_Certification_Authority_Server/certsrv, and then click View status of a pending request.

  16. Click your request and choose Install this certificate.

Verify that the server certificate was properly installed

  1. Open MMC, and go to the Certificates snap-in.

  2. Open Certificates (local computer), double-click the Personal node, click Certificates, and then double-click the new server certificate.

  3. On the General tab, verify that there is a note that says You have a private key that corresponds to this certificate.

  4. On the Certification Path tab, verify the hierarchical relationship between your certificate and the CA, and verify that there is a note that says This certificate is OK.

  5. Click OK to close the Certificate properties box.

  6. On the File menu, click Exit to close MMC.

  7. Note that on an ISA Server computer running on Windows Server 2003 or Windows 2000 Server, the server certificate obtained from a CA must be stored in the Personal Certificate store of the ISA Server computer. The root certificate for the CA must be stored in the Trusted Root Certificate Authorities store of the ISA Server computer.
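
The verification steps above can also be scripted. The following PowerShell is an added example, not part of the original procedure. It checks each certificate in the local computer Personal store for a private key, the Server Authentication usage, a common name that matches the published name, a valid chain, and a root present in the local computer trusted root store. The published name is a constructed placeholder, the function name is hypothetical, and the example assumes a computer with PowerShell 3.0 or later.

```powershell
# Added example, not from the original page.
# Constructed placeholder: replace with the name clients (or ISA Server) use.
$PublishedName = 'www.example.test'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

function Test-ServerCertificate {
    param($Cert, [string]$ExpectedName)

    # Subject common name; step 11 requires it to match the published name.
    # This is an exact, case-insensitive comparison (no wildcard handling).
    $cn = $Cert.GetNameInfo('SimpleName', $false)

    # Look for Server Authentication among the enhanced key usages.
    $serverAuth = $false
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $ServerAuthOid) { $serverAuth = $true }
            }
        }
    }

    # Build the chain to the CA. Revocation checking is turned off here (a
    # choice made for this example) so the result covers trust and validity only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)
    $rootInStore = $false
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $rootInStore = Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)"
    }

    [pscustomobject]@{
        Thumbprint             = $Cert.Thumbprint
        CommonName             = $cn
        NameMatches            = ($cn -eq $ExpectedName)
        HasPrivateKey          = $Cert.HasPrivateKey
        ServerAuthEku          = $serverAuth
        ChainOk                = $chainOk
        ChainErrors            = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        RootInTrustedRootStore = $rootInStore
    }
}

# Report on every certificate in the local computer Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-ServerCertificate -Cert $_ -ExpectedName $PublishedName } |
    Format-List
```

A correctly installed server certificate shows True for NameMatches, HasPrivateKey, ServerAuthEku, ChainOk and RootInTrustedRootStore, with ChainErrors empty.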