Obtain Server Certificates for HTTPS Messaging

Applies To: Windows Server 2008

Use this procedure to obtain server certificates for HTTPS messaging.

You can use this procedure to obtain server certificates for HTTPS messaging. A server certificate must be installed on the computer running Internet Information Services (IIS) to accommodate Secure Sockets Layer (SSL) communications between a client and the Message Queuing virtual directory hosted in IIS.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To obtain server certificates for HTTPS messaging

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. Under Connections, click to select the IIS server.

  3. Double-click the Server Certificates feature available in the IIS section of the workspace for the IIS server to display the server certificates settings for the IIS server.

  4. Click Create Certificate Request under the Actions section of the Internet Information Services (IIS) Manager to display the Request Certificate wizard.

  5. Enter the required values for the Distinguished Name Properties and click Next.

Important

Enter either the fully qualified domain name (FQDN) or the NetBIOS name of the IIS server into the Common name field. If clients will access this web site via the NetBIOS name, then enter the NetBIOS name into the Common name field of the certificate request. If clients will access this web site via the FQDN, then enter the FQDN into the Common name field of the certificate request. To determine the NetBIOS name and FQDN of a computer that is running Windows 7 or Windows Server 2008 R2, right-click Computer and click Properties. The specified Computer name is the NetBIOS name and the specified Full computer name is the FQDN.

  1. Select values for Cryptographic service provider and Bit length on the Cryptographic Service Provider Properties page and click Next.

  2. Enter a file name for the certificate request and click Finish.

  3. On the server requiring a certificate, open your browser.

  4. In your browser, open the form at https://servername/certsrv for requesting a certificate from your CA, where servername is the name of the IIS server where the CA that you want to access is located.

  5. Click Request a certificate, and then click advanced certificate request.

  6. Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

  7. Open the file that contains the certificate request that you created earlier and paste the contents of this file into the Saved Request edit box on the Submit a Certificate Request or Renewal Request form.

  8. Select the Web Server Certificate Template, specifiy any Additional Attributes, and then click Submit.

    • If you see the Certificate Issued web page, select the DER encoded or Base 64 encoded option on the Certificate Issued page, click Download certificate, and then save the security certificate to a folder on the IIS server.

    • If you see the Certificate Pending web page, request that the administrator of the CA issue the certificate from the Certification Authority MMC snap-in. Then return to the certificate request web page, click Download certificate, and save the security certificate to a folder on the IIS server.

  9. If you are finished using the Certificate Services Web pages, close Your browser.

  10. In Internet Information Services (IIS) Manager, double-click the Server Certificates feature available in the IIS section of the workspace for the IIS server to display the Server Certificates workspace for the IIS server.

  11. Press F5 on your keyboard to refresh the Server Certificates workspace.

  12. Right-click the Server Certificate request that you created earlier and select Complete Certificate Request to display the Complete Certificate Request dialog box.

  13. Enter the path to the certificate (.cer) file that you downloaded from the Certificate Services web page or click the browse (..) button to locate the certificate file and populate the path to the certificate.

  14. Enter a friendly name for the certificate in the Friendly name edit box and click OK.

  15. In the Information Services (IIS) Manager, under Connections, right-click the Default Web Site.

  16. Click Edit Bindings.

  17. Click to select https in the Web Site Bindings dialog box and click Edit.

  18. Select the appropriate options in the Edit Web Site Binding dialog box and click OK.

Note

Ensure that you select the certificate with a common name that matches the IIS server name.

Additional considerations

  • After this procedure is complete, you can view the certificate. To do this, click View next to the SSL certificate edit box in the Edit Web Site Binding dialog box.

Additional references