Install Guide
Congure SSL in IIS 7.0 on Windows Server 2008 R2
To congure SSL in IIS 7.0:
1. Download SelfSSL7 utility from the link SelfSSL.exe.
2. Call the utility SelfSSL7.exe with the below mentioned parameters:
SelfSSL7.exe /Q /N cn=Certificate_Name /I /S Web_Site_Name. e.g. SelfSSL7.exe /Q /N
cn="TestCert.TestLab.com" /I /S "Default Web Site"
Conguring Secure Communication Using Root Certicate Authority
Installing Root Certicate Authority in IIS 7 on Windows Server 2008 R2
Use the following guidelines:
In order to install the certicate, two steps need to be followed:
• Install the certicate on Domain Controller server.
• Install the certicate on WDM server.
Installing the Certicate on the Domain Controller Server
Use the following guidelines:
1. Go to the Server Manager.
2. In the tree pane select Roles->Add Roles.
3. In Add Roles wizard, select Server Roles from the tree pane.
4. In select Server Role window, check Active Directory Certicate Service from Roles.
5. Click Next->Next. Then in Role Services, check the options Certication Authority and Certicate Authority Web
Enrolment.
6. After checking the option Certicate Authority Web Enrolment, if IIS is not installed in the server, another window Add
Required Role Services window will appear.
7. On the above window, click Add Required Role Services button and click Next to invoke Specify Setup Type window.
8. In the above window depending on the requirement select either Enterprise or Standalone radio button and click Next to open
Specify CA Type window.
9. In Specify CA Type window, depending on the requirement select either Root CA or Subordinate CA radio button and click
Next to open Setup Private Key window.
10. In Setup Private Key window, depending on the requirement select either Create a new private key or Use existing private
key radio button and click Next to open Congure Cryptography for CA window.
11. In Congure Cryptography for CA window, depending on the requirement select the value for eld Select a cryptography
service provider (CSP) from the combo box, provide the Key character length from the combo box, select the value for eld
Select the Hash algorithm for signing certicate issued by this CA and either check or uncheck Allow administrator
interaction when the private key is accessed by the CA check box and click Next button to open Congure CA Name
window.
NOTE: Common name of the certicate should match with WDM server's computer name.
12. In Congure CA Name window, provide the values for Common name for this CA and Distinguished name sux elds and
click Next to open Set Validity Period window.
13. In the Set Validity Period window, select the validity period for the certicate generated for this CA and click Next to open
Congure Certicate Database window.
14. In Congure Certicate Database window, select the Certicate database location and Certicate database log location
and click Next to open Add Roles Wizard window for IIS.
15. Select the default values and click Next-> Install.
16. It will install the Active Directory Certicate Services, Web Server (IIS) and Remote Server Administration Tools.
17. Once the installation of certicate is over, go to the Internet Information Services Manager of the domain controller.
18. In the Server Manager tree pane, expand Roles, and then click Web Server (IIS)-> Internet Information Services (IIS)
Manager to open IIS Manager window.
55