This is Part 2 of our series on implementing Client Certificate mapping in FTP 7.5. Today we will Install Server Certificate on IIS.
In Part 1, I gave you a brief background of the environment we will be working on in our scenario.
Issue Server Certificate
- Click on the computer name in IIS Manager and double click on Server Certificates
![image007_thumb]( "image007_thumb")
- Click on Create Certificate Request…
![image008_thumb]( "image008_thumb")
- Fill in the textboxes as per your requirement.
![image009_thumb]( "image009_thumb")
- Let the Cryptographic service provider be as default
![image010_thumb]( "image010_thumb")
- Select a location to save the certificate request
![image011_thumb]( "image011_thumb")
- Click Finish
- Send this file across to your CA to provide a response; in our case we will generate the response by accessing the local CA website.
- Access the CA, by typing https://server1/certsrv in Internet Explorer
- Click on Request Certificate
- Click on advanced certificate request
- Click on Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
- Open the certreq.txt, we generated in Step 5 and select the text from the line below ---BEGIN NEW CERTIFICATE REQUEST---- till ----END NEW CERTIFICATE REQUEST---- and copy it.
![image012_thumb]( "image012_thumb")
- Paste the text in Saved Request
- Under Certificate Template: select Web Server and click Submit
- Click Yes in the Web Access Confirmation prompt (if it appears)
- Select Base 64 encoded and click on Download certificate and Download certificate chain and save them.
- You should have 2 files, one certnew.cer and certnew.p7b
- Open IIS Manager, click on computer name and double click Server Certificate
- Click Complete Certificate Request…
![image013_thumb]( "image013_thumb")
- Select certnew.cer we saved earlier, click OK
![image014_thumb]( "image014_thumb")
- We now have Server Certificate installed on IIS
![image015_thumb]( "image015_thumb")
- You should also install the Certificate Chain, as your CA will not be in the Trusted Root CA list.
Next, we will create FTP site and enable Client Certificate on FTP. Stay tuned…
Hope this helps,
Vivek Kumbhar
Quote of the day:
If there's anything unsettling to the stomach, it's watching actors on television talk about their personal lives. - Marlon Brando