Thawte - How To Buy a CertificateskyBuilders Certificate
How to Create a Digital Certificate
1) You must first use the Wizard on the target Web Server to prepare a Certificate Request. Thawte says our Web Server generates the CSR.
The CSR asks for City, State, etc.
When I use ca.skybuilders.com, it asks me for basic info, then generates a CSR file, but without the
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
wrapper. Thawte says you must include this wrapper.
Our CA does not ask for a password (to be encrypted and used to unzip the certificate) unless you click Key Options - Create New Keys and check Set the Container Name (You need to enter a filename - I used CSRKeys on desktop - easy to lose and forget.).
2) Then you must go to a Certificate Authority and ask for a Certificate. If you use one of the major CA's (Verisign, Thawte) it will cost $150 or more per year, but your secure pages will be served to the browser with no warning. You may also go to skyBuilders Certificate Authority. It may take some time for any CA to process your request, including skyBuilders CA, because they must verify your identity.
3) When your Certificate is ready, you download it and install it in the web server.
To prepare a Certificate request, you may use Internet Service Manager (MMC) or go to http://ca.skybuilders.com (skyBuilders Certificate Authority)?
skyBuilders CA is wet up for Web Browser certificates and Email certificate. To get a Web Site certificate, you will need to click the Advanced radio button.
Default Web Site Properties\Directory Security Tab Go down to Secure Communications, Server Certificate (Secure Communications: Server Certificate will be highlighted but View Certificate, and Edit will not be highlighted.) This starts the Web Server Certificate Wizard Choose "Create a new certificate" Choose "Prepare the request now, but send it later" Choose a Default Web Site name Fill in Organization info Fill in Common name: (Name of your computer) Fill in Geographical Info Certificate Request File Name - will default to c:\certreq.txt (If it already exists, choose to replace it) Request File Summary - hit <Next> Finish the wizard and hit <ok> 2) Go to Certificate Services Web Site - http://your computer/certsrv Choose "Request a certificate" Choose "Advanced Request" Next > Choose "Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file". Under "Saved Request" box, click "Browse" and click on to your previously saved certreq.txt file. It should appear in "File Name". Click "Read" and the Certificate Request will appear in the "Base64 Encoded Certificate Request" box. Click Submit and close browser. 3) Go to your Administrative Tools\Certification Authority You should see your newly requested Certificate under "Pending Requests". Right-Click and issue it. Should show up under "Issued Certificates" 4) Go back to the Certificate Services Web Site - http://your computer/certsrv Select "Check on a pending certificate" You should see your highlighted certificate in the box. Click Next> Should say "The certificate you requested was issued to you" (DER encoded is fine) Choose "Download CA Certificate", Open file from Current location. You will now see your certificate: Issued to: Your computer Issued by: The Trusted CA Authority Choose "Install Certificate" which will bring you to: The Certificate Import Wizard Choose "Automatically select the certificate...." Click finish and you should get "The import was successful" pop-up box. Click OK and then OK to close the "Certificate" window 5) Go to IIS Manager Web Site Properties\Directory Security Tab Go down to Secure Communications, Server Certificate This starts the Web Server Certificate Wizard Choose "Assign an existing certificate" In the "Select a certificate" window, highlight your certificate, choose Next>. Certificate Summary window, choose Next>. Finish Secure Communications: Server Certificate, View Certificate, and Edit should now be highlighted. 6) Go to Windows Start Menu and run “mmc” In Microsoft Management Console (mmc), Select Control-M to add Snap-in In the Add/Remove Snap-in window, select the Add button In Add Standalone Snap-in window, choose Certificates and select the Add button Choose “My User Account” and select Finish button The Certificates for current user should appear in the Snap-in window Select the Add button Choose Certificates and select the Add button Choose “Computer Account” and select Next button Choose “Local Computer” and select Finish button The Certificates for local computer should appear in the Snap-in window Select OK should return you to Console Root window 7) In the Console Root window, there should be 2 certificates: Current User and Local Computer Go to Certificates – Current User (Trusted Root Certification Authorities/Certificates) directory and copy the certificate that was issued to you. Go to Certificates – Local Computer (Trusted Root Certification Authorities/Certificates) directory and paste the certificate. 8) Save the console and The Sample Client Site should function successfully.