Thursday, November 29, 2007

Installing a Turbo SSL Certificate from Godaddy on an SBS box

This is from my own notes (combined with Godaddy's) on how to install a Godaddy Turbo SSL Certificate on a Windows SBS box.

Buy the certificate from the godaddy.com web site.

Log in to the Godaddy site.

Click on My Account.

Under My Products, click on "Manage SSL Certificates".

Click "Set up Certificate".

Select the certificate you purchased.

Click "activate account".

If you've created a cert before with this account, log in; if not, create a new SSL account with a more secure 8-character password and the same username.

Click "request certificate".

Select the certificate again and click "request certificate".

Create your CSR request for IIS using these instructions:

1. Go to Internet Information Services (IIS) Manager on your Exchange server.
2. Go to Servername -> Web sites -> Default web site . . . and Right mouse-click to select Properties.
3. Click the "Directory Security" tab.
4. Click the "Server Certificate." button (located in the "Secure communications" area).
5. Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
6. Remove the existing certificate.
7. Click the "Server Certificate." button (located in the "Secure communications" area).
8. Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
9. Select "Create a new certificate"; then click "Next."
10. Select "Prepare the request now, but send it later" and click "Next."
11. In the "Name and Security Settings" window, fill in the name field for the new certificate; then select the bit length (1,024 or higher). Click Next.
12. For organization unit, you can put in "na" without quotes.
13. Verify the information in the request and click "Next."
14. On the "Completing the Web Server" screen, click "Finish."
15. Open the generated CSR file; then, using a plain-text editor, such as Windows Notepad, copy and paste the CSR into the online enrollment form.

Godaddy will send an email to the administrative contact for the domain and, if approved, the certificate will be sent via email.

Then, when you have the email with the link to the certificate, follow these instructions:

Installing SSL Certificate and the Intermediate Certificate Bundle (gd_iis_intermediates.p7b)

Before you install your issued SSL certificate you must download and install our intermediate certificate bundle (gd_iis_intermediates.p7b) on your Web server. You may also download the bundle from the repository.

Once you have downloaded and saved the certificate bundle, please follow the instructions below to install it.

Installing Intermediate Certificate Bundle (gd_iis_intermediates.p7b):

1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
8. Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
9. Follow the wizard prompts to complete the installation procedure.
10. Click Browse to locate the certificate file (gd_iis_intermediates.p7b).
11. Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next.
12. Click Finish.

Installing SSL Certificate

1. Select the Internet Information Service console within the Administrative Tools menu.
2. Select the Web site (host) for which the certificate was made.
3. Right mouse-click and select Properties.
4. Select the Directory Security tab.
5. Select the Server Certificate option.
6. The Welcome to the Web Server Certificate Wizard window opens. Click OK.
7. Select Process the pending request and install the certificate. Click Next.
8. Enter the location for the certificate file at the Process a Pending Request window. The file extension may be .txt or .crt instead of .cer (search for files of type all files).
9. When the correct certificate file is selected, click Next.
10. Verify the Certificate Summary to make sure all information is accurate. Click Next.
11. Select Finish.

NOTE: If the Go Daddy root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder. Please follow the instructions below to do this:

1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Trusted Root Certification Authorities folder is visible.
8. Expand the Trusted Root Certification Authorities folder.
9. Double-click the Certificates folder to show a list of all certificates.
10. Find the Go Daddy Class 2 Certification Authority certificate.
11. Right-click on the certificate and select Properties.
12. Select the radio button next to Disable all purposes for this certificate.
13. Click OK.

NOTE: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.
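
Why the intermediate bundle matters, as an added example (not part of the original notes or of Go Daddy's instructions): the script builds a throwaway root, intermediate and server certificate with openssl, then verifies the server certificate as a client that trusts only the root would, once without and once with the intermediate supplied. All names (Lab Root, Lab Intermediate, mail.example.com) are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: constructed lab chain, root CA -> intermediate CA -> server cert.
# "Lab Root", "Lab Intermediate" and mail.example.com are made-up names.

new_csr() {  # $1 = dir, $2 = file stem, $3 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_chain() {  # $1 = empty working directory
  d=$1
  # Extensions that mark a certificate as a CA
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  new_csr "$d" root "Lab Root" && new_csr "$d" inter "Lab Intermediate" &&
  new_csr "$d" leaf "mail.example.com" &&
  # Root signs itself; it plays the part of the trusted root store entry
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  # Root signs the intermediate (the role of gd_iis_intermediates.p7b)
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 30 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null &&
  # Intermediate signs the server certificate
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 30 -out "$d/leaf.pem" 2>/dev/null
}

verify_leaf() {  # $1 = dir, $2 = "with" or "without" the intermediate
  if [ "$2" = with ]; then
    # -untrusted models the server sending the intermediate in the handshake
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem"
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
  fi 2>/dev/null | grep -q ': OK$'
}

work=$(mktemp -d) && build_chain "$work" || { echo "openssl setup failed" >&2; exit 1; }
for mode in without with; do
  if verify_leaf "$work" "$mode"; then result=OK; else result=FAILED; fi
  echo "server certificate verified $mode intermediate: $result"
done
rm -rf "$work"
```

The "without" case is what a client sees when the server has no usable intermediate to send: the server certificate is valid, but no path to the trusted root can be built.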
