Thawte - How To Buy a Certificate

skyBuilders Certificate

How to Create a Digital Certificate

1) You must first use the Wizard on the target Web Server to prepare a Certificate Request. Thawte says our Web Server generates the CSR.

The CSR asks for City, State, etc.

When I use ca.skybuilders.com, it asks me for basic info, then generates a CSR file, but without the
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
wrapper. Thawte says you must include this wrapper.

Our CA does not ask for a password (to be encrypted and used to unzip the certificate) unless you click Key Options - Create New Keys and check Set the Container Name (You need to enter a filename - I used CSRKeys on desktop - easy to lose and forget.).

2) Then you must go to a Certificate Authority and ask for a Certificate. If you use one of the major CAs (Verisign, Thawte) it will cost $150 or more per year, but your secure pages will be served to the browser with no warning. You may also go to skyBuilders Certificate Authority. It may take some time for any CA to process your request, including skyBuilders CA, because they must verify your identity.

3) When your Certificate is ready, you download it and install it in the web server.
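
For the missing wrapper described in step 1, the following added example (not code from this page, Thawte or skyBuilders) takes a CSR file that holds only the base64 body and writes it back out with the BEGIN/END CERTIFICATE REQUEST lines, after checking that the body decodes to a single DER SEQUENCE. The function names and the sample data are constructed for illustration; accepting a "NEW CERTIFICATE REQUEST" label on input is an assumption about what other tools may emit.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
END = "-----END CERTIFICATE REQUEST-----"
# Matches the wrapper with either label (assumption: some tools add "NEW").
_WRAPPER = re.compile(r"-----(BEGIN|END) (NEW )?CERTIFICATE REQUEST-----")


def _der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE (tag 0x30) of matching length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def wrap_csr(text: str) -> str:
    """Return the request as PEM with wrapper lines, 64 characters per line."""
    body = _WRAPPER.sub("", text)         # strip any wrapper already present
    body = "".join(body.split())          # drop whitespace and line breaks
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("request body is not valid base64") from exc
    if not _der_sequence_ok(der):
        raise ValueError("decoded data is not a single DER SEQUENCE")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


# Constructed sample: a DER SEQUENCE header plus filler bytes, not a real CSR.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_BARE = base64.b64encode(SAMPLE_DER).decode("ascii")

if __name__ == "__main__":
    print(wrap_csr(SAMPLE_BARE), end="")
```

A truncated or hand-edited request fails the length check instead of being submitted to the CA in a form it will reject.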

To prepare a Certificate request, you may use Internet Service Manager (MMC) or go to http://ca.skybuilders.com (skyBuilders Certificate Authority)?

skyBuilders CA is set up for Web Browser certificates and Email certificates. To get a Web Site certificate, you will need to click the Advanced radio button.

	Default Web Site Properties\Directory Security Tab
	Go down to Secure Communications, Server Certificate
	(Secure Communications: Server Certificate will be 
	highlighted but View Certificate, and Edit will not be 
	highlighted.)
	This starts the Web Server Certificate Wizard
		Choose "Create a new certificate"
		Choose "Prepare the request now, but send it later"   	
		Choose a Default Web Site name			
		Fill in Organization info				
		Fill in Common name:  (Name of your computer)
		Fill in Geographical Info
		Certificate Request File Name - will default to 
		   c:\certreq.txt   (If it already exists, choose to 
			replace it)
		Request File Summary - hit <Next>
		Finish the wizard and hit <ok>

2) Go to Certificate Services Web Site - http://your computer/certsrv
	Choose "Request a certificate"
	Choose "Advanced Request"   Next >
	Choose "Submit a certificate request using a base64 
		encoded PKCS #10 file or a renewal request using a 
		base64 encoded PKCS #7 file". 
	Under the "Saved Request" box, click "Browse" and select your
	previously saved certreq.txt file.  It should appear in "File Name".
	Click "Read" and the Certificate Request will appear in the
	"Base64 Encoded Certificate Request" box.
	Click Submit and close browser.

3) Go to your Administrative Tools\Certification Authority 
   	You should see your newly requested Certificate under "Pending 
     	Requests".
   	Right-Click and issue it.  Should show up under 
	"Issued Certificates"

4) Go back to the Certificate Services Web Site - http://your computer/certsrv
		
	Select "Check on a pending certificate"
	You should see your highlighted certificate in the box.  
		Click Next>
	Should say "The certificate you requested was issued to you"
	(DER encoded is fine)
	Choose "Download CA Certificate", Open file from Current location.
	You will now see your certificate:
		Issued to: Your computer
		Issued by: The Trusted CA Authority
	Choose "Install Certificate" which will bring you to:
	The Certificate Import Wizard
		Choose "Automatically select the certificate...."
		Click finish and you should get "The import was
		successful" pop-up box.	
		Click OK and then OK to close the "Certificate" window  	
 		
5) Go to IIS Manager
	Web Site Properties\Directory Security Tab
	Go down to Secure Communications, Server Certificate
	This starts the Web Server Certificate Wizard	   		
	Choose "Assign an existing certificate"
	In the "Select a certificate" window, highlight your 
	certificate, choose Next>.  
	Certificate Summary window, choose Next>.
	Finish
	Secure Communications: Server Certificate, 
	View Certificate, and Edit should now be highlighted.


6) Go to Windows Start Menu and run "mmc"
	In Microsoft Management Console (mmc),
	Select Control-M to add Snap-in
	In the Add/Remove Snap-in window, select the Add button
	In Add Standalone Snap-in window, choose Certificates and select the
	Add button
	Choose "My User Account" and select Finish button
	The Certificates for current user should appear in the Snap-in window
	Select the Add button
	Choose Certificates and select the Add button
	Choose "Computer Account" and select Next button
	Choose "Local Computer" and select Finish button
	The Certificates for local computer should appear in the Snap-in window
	Select OK should return you to Console Root window
	
7) In the Console Root window, there should be 2 certificates:  Current
User and Local Computer
	Go to Certificates - Current User (Trusted Root Certification
	Authorities/Certificates) directory and copy the certificate that was
	issued to you.
	Go to Certificates - Local Computer (Trusted Root Certification
	Authorities/Certificates) directory and paste the certificate.

8) Save the console and The Sample Client Site should function successfully.