česky | english
Jak vytvořit nový pár klíčů a žádost o certifikát (CSR) v IIS 5.0
Vytvoření klíčů a žádosti o certifikát (CSR) pro Microsoft Internet Information Server (IIS) 5.0.
Postup vygenerování veřejného a privátního klíče a CSR pro a MS web server IIS-5
Proces generování klíčů
- Pod 'Administrative Tools' (Nástroji pro správu) otevřete 'Internet Services Manager' (Správce IIS). Pak otevřete okno vlastností webu, pro který si chcete vyžádat certifikát. Vlastnosti otevřete pravým klikem myši na kořen příslušného webu.
Otevřete záložku Directory Security
- In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active.
Select '''''Create a new certificate'''''
- Now 'Create a new certificate'.
Prepare the request
- You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email.
Enter a certificate name and select Certificate strength
- Select 'Bit length'. We advise a key length of 1024 bits.
- You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR.
- You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:
! @ # $ % ^ * ( ) ~ ? > < & / \
Enter your Organisation Information
- Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate.
- The Organisational Unit field is the 'free' field. It is often the department or Server name for reference.
Enter your Common Name
- The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.CAcert.org' and 'secure.CAcert.com' are valid Common Names. IP addresses are usually not used.
Enter the geographical details
- Your country, state and city.
Choose a filename to save the request to
- Select an easy to locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more as IIS won't reuse old CSR to generate new certificates.
Confirm your request details
Finish up and exit IIS Certificate Wizard
Certificate Installation process for IIS 5.0
After your certificate has been emailed to you, follow this process to install the certificate.
Saving the certificate
- Copy the contents of the email including the
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
- lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer
- Copy the contents of the email including the
Installation steps
- Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right click on 'Default Web Site' and select 'Properties'.
Select the Directory Security tab
- Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section.
In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'.
- Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'.
Browse to the location you saved the .cer file to in step 1
- Select the .cer file and click 'Next'.
Ensure that you are processing the correct certificate
- ...then click 'Next'.
You will see a confirmation screen.
- When you have read this information, click 'Finish'.
And you're done!
For more information, refer to your server documentation or visit Microsoft Support Online.