Obtaining a Server Certificate for IIS

 

For the SensorNet Certificate Authority (CA), the function of the certificate request is to generate a key pair. The private key is stored in a Windows key store, and the public key is sent to the SensorNet CA, where it is extracted and embedded in a certificate that is signed and sent back to you. Therefore, the DN you choose when you run the Certificate Application Wizard will be ignored.

So, the first step is to request a certificate from the CA, Jim Rome (romeja@ornl.gov). The e-mail should contain:

  • The IP name of your server
  • Your name and e-mail address
  • Your phone number
  • Your Organization
  • Your Organizational Unit
  • Your City
  • Your State
  • Your Country

When your request is approved, you will receive an e-mail telling you where to get the certificate and containing a user ID and password. At that point you will need to generate the certificate request for IIS.

To do this, launch the Internet Information Services management console from the Administrative Tools menu (Fig. 1).

 

Figure 1.

 
From the IIS console, expand your Web site tree and right-click on your Web site to access the properties menu (Fig. 2).
 

Figure 2.

 
Click the Directory Security tab for the Web Site Properties to access the Server Certificate button (Fig. 3).
 

Figure 3.

 
Click the Server Certificate button to launch the Web Server Certificate Wizard (Fig. 4).
 

Figure 4.

 
As we said at the outset, it really does not matter what data you enter into the wizard. Just be sure to choose the Create New Certificate option (Fig. 5). When the wizard finishes, it creates the file C:\certreq.txt, which is what you use to send your public key to the SensorNet CA.
 

Figure 5.

 
Go to [link removed] as shown in Fig. 6.
 

Figure 6.

 
Be sure to include all of the text in the request. Use the username and password you received in the e-mail. When you click OK, you will be asked to save a certificate file. Store it somewhere you can remember (I use a keys folder). Then return to the Microsoft Web Server Certificate Wizard and select "Complete the request". Search for the certificate file (you will have to enable all files in the search dialog because the SensorNet CA certificate file is not a .cer file), select it, and when you click OK, it will be installed.
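A paste that drops a line of C:\certreq.txt is the usual way this step fails, so the following added example (not part of the original page or of any SensorNet tooling) checks that request text is complete before it is submitted: both armor lines are present, the body is valid base64, and the length declared by the outer DER header matches the bytes actually present. The function names are hypothetical and the sample request is constructed filler, not a real key or request; the check does not verify the request's signature.

```python
import base64
import re

# The IIS wizard writes "NEW CERTIFICATE REQUEST"; plain PKCS#10 tools omit "NEW ".
ARMOR = re.compile(
    r"-----BEGIN (NEW )?CERTIFICATE REQUEST-----\r?\n(.*?)\r?\n"
    r"-----END (NEW )?CERTIFICATE REQUEST-----", re.S)

def der_declared_length(der):
    """Total size (header + content) declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                       # short form: length in one byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_request_text(text):
    """Return (ok, reason) for request text about to be pasted into the CA form."""
    m = ARMOR.search(text)
    if m is None:
        return False, "BEGIN or END line missing"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        declared = der_declared_length(der)
    except ValueError as exc:              # binascii.Error is a ValueError
        return False, "body damaged: %s" % exc
    if declared != len(der):
        return False, "body is %d bytes, header declares %d" % (len(der), declared)
    return True, "request text is complete"

def constructed_request():
    """Constructed sample with a correct outer length; not a real key or CSR."""
    payload = bytes(range(256)) * 2
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN NEW CERTIFICATE REQUEST-----"] + lines
                     + ["-----END NEW CERTIFICATE REQUEST-----"]) + "\n"

if __name__ == "__main__":
    sample = constructed_request()
    print(check_request_text(sample))
    clipped = sample.splitlines()
    del clipped[3]                         # simulate a line lost while copying
    print(check_request_text("\n".join(clipped)))
```

To check a real request, read C:\certreq.txt as text and pass its contents to `check_request_text`.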