Monday 21 August 2017

Creating a Wildcard Certificate in IIS and SBS 2011

I like to make certificate requests in IIS - it's a bit more universal than using the SBS console. The steps below explain how to create a certificate request in IIS and then how to import that certificate into the SBS console to use on an SBS 2011 domain.

1. Open Internet Information Server (IIS)
2. Go to the server node (if your server is called "SBS" it would be the one that says "SBS" with your domain and username after it)
3. In the main window scroll down to the section entitled "IIS", find "Server Certificates" and then double-click it
4. In the new section, click "Create Certificate Request" on the right hand side
5. Fill in your information
    a. Common name is the name of the domain you're securing. If you're requesting a wildcard certificate, the common name should start with *. (so *.microsoft.com for example)
    b. Organisation is the name of the company that will own the certificate
    c. Organisation Unit is for the company department, we usually just use "IT"
    d. City/local/state/country are where the company is based
6. Click Next
7. Generally, most certificate authorities will want your bit length to be 2048 (not always the case!); if so, change this
8. At this point, I would strongly recommend clicking the ... so you can save the request file somewhere useful rather than just giving it a name
9. Click finish and you will now have your CSR file ready to purchase a certificate
10. Copy the contents of the CSR file and then go to your certificate provider and follow the wizard.
11. When requested to enter your CSR, paste it into the window
12. On the next page, the provider should show you the domain name from the CSR that the certificate will secure - at this point double and triple check it's correct!
13. Generally, an email will be sent to one of the domain contacts which you will need to act on to complete the certificate (I usually use postmaster@)
14. Once the certificate has been created it will be sent to you
15. Go back to IIS on the server and on the same menu on the right select "Complete Certificate Request"
16. Select the file that your certificate authority has sent you (if they haven't sent a file and have just sent a plaintext response, simply save this into a text document then select that instead), give it a friendly name (something you can recognise it by) and click OK
17. The certificate is now installed on your server and can be used as needed

(if adding to SBS 2011)
18. Go to the SBS console
19. Go to the "Network" button and select the "Connectivity" tab
20. Select "Add a trusted certificate" on the right hand side
21. Click "Next" and then select "I want to use a certificate that is already installed on the server"
22. Select the new certificate from the list and follow the wizard through

Certificate not appearing in the list in the SBS Wizard? Are you definitely sure the "Internet Address" is set to the same domain you've registered for the certificate?
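
A quick way to check what actually landed in the server's certificate store after steps 16 and 17, and whether it covers the Internet Address. This is an added example, not part of the original post: `remote.example.com` is a placeholder address, `Test-WildcardMatch` is a hypothetical helper, and the check only compares the certificate's common name (it does not read subject alternative names).

```powershell
# Added example. $InternetAddress is a placeholder; use the address set in the SBS console.
$InternetAddress = 'remote.example.com'
$SimpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Hypothetical helper: a wildcard covers exactly one label, so *.example.com
# matches remote.example.com but not example.com or a.b.example.com.
function Test-WildcardMatch([string]$Pattern, [string]$HostName) {
    $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase
    if ($Pattern.StartsWith('*.')) {
        $suffix = $Pattern.Substring(1)    # e.g. ".example.com"
        if (-not $HostName.EndsWith($suffix, $ignoreCase)) { return $false }
        $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return [string]::Equals($Pattern, $HostName, $ignoreCase)
}

# List every certificate in the computer's Personal store with the properties
# that matter here: private key present, key size, expiry, and name coverage.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cn = $_.GetNameInfo($SimpleName, $false)
    # Some key types do not expose a size through this property; report blank then.
    try { $bits = $_.PublicKey.Key.KeySize } catch { $bits = $null }
    New-Object PSObject -Property @{
        CommonName    = $cn
        HasPrivateKey = $_.HasPrivateKey
        KeyBits       = $bits
        Expired       = ($_.NotAfter -lt (Get-Date))
        CoversAddress = (Test-WildcardMatch $cn $InternetAddress)
        Thumbprint    = $_.Thumbprint
    }
} | Format-Table CommonName, HasPrivateKey, KeyBits, Expired, CoversAddress, Thumbprint -AutoSize
```

A row with `HasPrivateKey` set to False means the certificate was not paired with the private key generated by the request on this server, so the request needs to be completed on the machine that created the CSR.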