Learn how you can build customer confidence around Internet security. This guide will explain the various ways in which your business can benefit if you secure your MSIIS server with a Thawte digital certificate.
TM TM
Securing your Microsoft Internet Information
Services (MS IIS) Web Server with a thawte
Digital Certificate A STEP-BY-STEP GUIDE to test, installand use a thawte Digital Certificate on yourMS IIS Web Server...
1. Overview
2. System Requirements
3. Generate your Private Key & Certificate Signing Request (CSR) Pair
4. Backing up your Private Key File
5. Requesting a thawte Test Certificate
6. Installing a thawte Test Certificate
7. Requesting a Trusted thawte Certificate
8. Installing a Trusted thawte Certificate
9. Configuring the Certificate for use in MS IIS
10. Export the Trusted thawte Certificate with the Private Key attached after installation
11. Useful URLs
12. What Role Does thawte Play?
13. The Value of Authentication
14. Contact thawte
15. Glossary of TermsTM TM
1. Overview
In this guide you will find out how to test, purchase, install and use a thawte Digital Certificate on your MicrosoftInternet Information Services (MS IIS) web server. Throughout, best practices for set-up are highlighted tohelp you ensure efficient ongoing management of your encryption keys and digital certificates. We will alsotouch on the role of thawte as a trusted third party and how using a thawte digital certificate can benefit yourbusiness by addressing unique online security issues to build customer confidence.
The information in this guide applies to:Microsoft Internet Information Services version 4.0Microsoft Internet Information Services version 5.0Microsoft Internet Information Services version 5.1Microsoft Internet Information Services version 6.0
2. System Requirements
You must have the latest Service Pack installed for the particularversion of MS IIS being used.Service Pack guideline:
. If you are running MS IIS 4.0, you should have Service Pack 6a installed.
. If you are running MS IIS 5.0 or MS IIS 5.1, you should have Service Pack 3 installed.
For the latest MS IIS Service Packs, please refer to the Microsoft'ssupport web site at the following url:http://support.microsoft.com/default.aspx?scid=FH;[LN];sp&
USEFUL WEBSITES:http://support.microsoft.com/default.aspx?scid=fh;en-us;iishttp://support.microsoft.com/default.aspx?scid=fh;EN-US;iis50http://support.microsoft.com/default.aspx?scid=fh;EN-US;iis60TM TM
3. Generating your Private Key and Certificate SigningRequest (CSR) Pair
Before you can begin the process of obtaining a Certificate, you must generate a Private Key and CSR pairoff the web server. This is done through the IIS Management Console (IIS must be installed before you cangenerate a Private Key and CSR pair off the web server). A CSR is basically a Public Key that you generateon your server that validates the computer-specific information about your web server and Organization whenyou request a Trusted Certificate from thawte.
Digital ID's make use of a technology called Public Key Cryptography. Before you can enroll for a Certificate,a Private Key and Certificate Request (CSR) must be generated from the server. The Public Key, also knownas a Certificate Signing Request (CSR), is the key that must be sent to thawte.
The Private Key must remain on the server and should never be released into the public domain. thawtedoes not have access to your Private Key. It is generated locally on your server and is never transmitted tothawte. The integrity of your Digital ID depends on your private key being controlled and known exclusivelyby you. A CSR cannot be generated without generating a Private Key file nor can the Private Key file begenerated without generating a CSR file. Both are generated simultaneously through the Wizard on theweb server.
Typically, you will be prompted to enter the following information about your Organization in order to generatethe Private Key and CSR pair off the web server:
Organization NameOrganizational UnitsCountry CodeState or ProvinceLocalityCommon Name*
Important Note
The term "common name" is X.509 terminology for the name that distinguishes the Certificate best, and ties itto your Organization. In the case of SSL Web Server Certificates and 128-bit SuperCerts, enter your exact hostand domain name that you wish to secure. This may also be the root server or intranet name for yourOrganization. Example: If yo... [download for more]
