Add or change a Web server certificate
To complete this procedure, you must be logged on as a member of the Domain Admins security group.
To allow access to Web services on your server from the Internet using the Configure E-mail and Internet Connection Wizard, you must use a Web server certificate. The certificate is used to configure the Secure Sockets Layer (SSL) to secure communications between a Web browser and your Web server. You can either have the wizard create a Web server certificate or you can provide a certificate file from a trusted authority.
- Start the Configure E-mail and Internet Connection Wizard.
- On the Connection Type page, click Do not change connection type.
- On the Firewall page, click Do not change firewall configuration.
- On the Web Server Certificate page, do one of the following:
- To create a self-signed certificate, click Create a new Web server certificate, and then type the full Internet name of your server that is used to access your server from the Internet.
- To use a certificate obtained from a trusted authority, click Use a Web server certificate from trusted authority, and then click Browse to locate the certificate. To use this option, you must create a certificate request using the Web Server Certificate Wizard in Internet Information Services (IIS). You can then install the request by selecting this option.
For more information, see Web Server Certificate.
- Follow the instructions to complete the wizard.
- To open the Configure E-mail and Internet Connection Wizard, click Start and then click Server Management. In the console tree, click Internet and E-mail. In the details pane, click Connect to the Internet.
- You must run the Configure E-mail and Internet Connection Wizard at least once before attempting to add, change, or modify a Web server certificate.
- If you want to allow access to Web services on your server using a certificate from a trusted certification authority (CA), but you do not yet have the certificate, it is recommended that you select the Create a new Web server certificate option. You should then create a certificate request using the Web Server Certificate Wizard. Once you receive the certificate, rerun the Configure E-mail and Internet Connection Wizard to install it. To create a certificate request from a trusted authority, complete the following:
To create a certificate request
- Open Server Management.
- In the console tree, click Advanced Management, click Internet Information Services, click YourServerName (local computer), and then click the Web Sites folder.
- In the details pane, right-click Default Web site, and then click Properties.
- On the Default Web Site Properties page, click the Directory Security tab, and under Secure communications, click Server Certificate.
- On the Server Certificate page of the IIS Certificate Wizard, click Create a new certificate.
- On the Delayed or Immediate Request page, prepare a request to be sent later or immediately as needed.
- On the Name and Security Settings page, in Name, type a name for the new certificate. Next, select the appropriate bit length based on your organization's requirement. Verify with the CA that they support certificates of the corresponding encryption strength before submitting the certificate request.
- On the Organization Information page, in Organizational Name, type the legal name of your organization. In Organizational unit, type the name of your division or department. If your organization does not have a division, you can type the legal name of your organization.
- On the Your Site's Common Name page, type the common name for your site exactly as it appears to the external users, such as www.<your domain name>.com.
- On the Geographic Information page, type the required information.
- On the Certificate Request File Name page, type a file name.
- On the Request File Summary Page, click Next.
- Click Finish.
- To open Server Management, click Start, and then click Server Management.