Comtrust Support

		Home	Contact Us

Search this site

About Us

Our Customers

Our Alliances

e-Hosting

e-Payment

e-Retailing

e-Security

e-Consulting

CA Services

Library

FAQs

Repository

Contact Sales

Glossary

Comtrust Support: Server Certificate: Microsoft Internet Information Server 4.01

Requirements.
STEP 1- Generating CSR (Certificate Signing Request).
STEP 2- APPLYING & DOWNLOADING SERVER CERTIFICATE .
STEP 3- Configuring the Server Certificate.
TESTING YOUR SERVER CERTIFICATE.
SECURITY ALERTS.

Requirements:

IIS 4.0
Internet Explorer 5.01 or higher

STEP 1- Generating CSR (Certificate Signing Request)

Open the Microsoft Management Console.

Expand the Internet Information Server folder by selecting the "+" sign.

After expanding this folder, select the "+" sign next to the computer name.

Right Click on the Default web site and choose properties.

Choose Directory Security, Click on Edit.

Click on Key Manager.

Right Click on the WWW icon and select "Create New Key..."

Choose "Put the request in a file that you will send to an authority."

Type in the file name or keep the default.

Click on Next

Fill in the Key name, Password, Confirm Password. Set the Bit Length to 1024

NOTE: In some cases, IIS 4 might not be able to show you 1024 Bit Length, to fix this problem:
1. Upgrade Internet Explorer to the latest version (version 5.01 or higher)
2. Upgrade your cipher strength for Internet Explorer to 128-bit
These upgrades should have an effect on IIS. After a restart you should be able to generate your key with 1024 Bit Length.

Click on Next

Fill in the Organization, Organization Unit.

Fill in the Common name. NOTE: This should be a fully qualified domain name like www.abc.com

Click on Next

Fill in the Country, State/Province and City/Locality.

Click on Next

Fill in Your name, Email address and Phone number

Click on Next and then Finish

Close the Key Manager and Choose YES when asked to " Commit all Changes ? "

Now you should have a text file where you already specified its location in step 9. This file contains the CSR and it should look like this if opened with notepad:

STEP 2- APPLYING & DOWNLOADING SERVER CERTIFICATE :

Apply for server certificate from http://www.comtrust.co.ae/PKIForms/serverenroll.htm.

Click Request Server Certificate link.

File all the fields in the enrolment page and in the last field copy the part that is shown below of the CSR file including the lines that contain the begin and end statements into the field as follow:

Click order at the bottom of the page.

Note :

After approving the certificate from Comtrust, customer will receive an email providing the certificate reference number and the URL to pickup the digital certificate.

Go on http://www.comtrust.co.ae/pkiforms/serverdownload.htm

Put your reference number.

Use Cut & Paste download method.

Click Download.

A text file will be generated and displayed to you on the browser as following.

Copy all the content and pasted in a text file and save this file - this file is your server certificate.

Copy each part between BEGIN & END and save it in separate files the naming of these files could be as follow:
1. The 1st part (GTE CyberTrust Root) : gteroot.cer
2. The 2nd part (Comtrust Server Certificate Authority): ctserverca.cer
3. The 3rd part (Your certificate): abc
4. The 4th part (Comtrust Root Certificate Authority): ctrootca.cer Note: All parts of the certificates are very important to define the trusted path. Without installing these parts a warning message will appear to the client whenever he accesses the web server.

STEP 3- Configuring the Server Certificate

A. Installing sever certificate (on the web server)

Open Microsoft Management Console.

Right Click on the Default Web Site and choose properties

Click on Directory Security, Click on Edit and then click on Key Manager.

Right Click on the key that you created and Select Install Key.

From the Open dialog, choose the 3rd file (abc.txt) that you have already saved.

Enter the Password.

Click OK for server bindings dialog.

Close the key manager and choose YES when asked to "Commit all Changes?"

Your Key should now be completely installed.

B. Installing the root certifying authority certificates (in the IE browser)

Open Internet Explorer (5.01 or higher a mandatory option)

Click on Tools

Select Internet options

Choose Content from the top menu

Click on Certificate.

Click import

Browse to the root certifying authority certificate that you want to add.

Select X.509 Certificate (*.cer;*.crt) file type.

Add gteroot.cer file.

Click next .

Select Place all certificates into the following store.

Click Browse, and then click Show physical stores.

Expand the Trusted Root Certification Authorities, select Local Computer, and then click OK.

Click Next, and then click Finish.

Replay point 6 to 14 for the other files (ctserverca.cer & ctrootca.cer )

Restart your Web server.

END of all the procedures.

TESTING YOUR SERVER CERTIFICATE.

Open Internet Explorer 5.01 or higher.

Type your URL : https://www.abc.com

Double Click on the lock symbol which is located right down in the browser.

Check certification path, you should see the trusted following path:
- GTE CyberTrust Root CA
- Comtrust Server Certificate Authority - GTE Corporation
- Comtrust Root Certificate Authority
- www.abc.com : Customer URL

SECURITY ALERTS

A security Alert may pop up when you try to access your secure web page for various reasons:

Alert Suggestion fix

This security certificate was issued by a company you have not chosen to trust. Make sure that you installed the browser certificates correctly (STEP III)-B

The security certificate date is not valid. You have to renew your certificate from Comtrust (Contact Comtrust)

The name on the security certificate does not match the name of the site Make sure that you enter the site by typing the name of your site https://www.abc.com (which is the name you used to generate your certificate) instead of the using IP address of another name.