Requirements:

• IIS 5.0
• Internet Explorer 5.01 or higher

STEP 1- Generating CSR (Certificate Signing Request)

1. Access the Internet Services Manager from the Administrative Tools. Open the properties windows for website requiring the certificate, by right-clicking on it.





2. On the Directory Security property sheet, under Secure Communications click Server Certificate. The "Edit" button will be active if these actions have been performed before.





3. In the next window, select "Create a new certificate".





4. Select "Prepare the request now, but send it later" in the next window. You will be required to submit this request when applying for the server certificate at Comtrust's website.





5. Please select the certificate strength and decide upon a name for your server certificate.





6. The public/private key pair creation process is now complete. While the private key is residing locally on your machine, the public key will be sent to Comtrust.





7. Fill in the organization information.





8. Fill in the common name. This has to be a qualified domain name like www.abc.com





9. Fill in the geographic details.





10. Fill in the contact information.





11. Select a location to save the request. This text file will be submitted to Comtrust while applying for the certificate.





12. Confirm all input details.





13. Exit IIS certificate wizard.

STEP 2- Generating CSR (Certificate Signing Request)

1. Apply for server certificate at http://www.comtrust.co.ae/PKIForms/serverenroll.htm



2. Click on Request Server Certificate link.



3. File all the fields in the enrolment page and in the last field copy the part that is shown below of the CSR file including the lines that contain the begin and end statements into the field as follow:



4. Click order at the bottom of the page.
   
   Note : Customer can generate many keys as he want, BUT he has to make sure to keep the valid one before applying for server certificate to avoid any confusion ( i.e. The information in the downloaded certificate and CSR should be matched )



5. After approving the certificate from Comtrust, customer will receive an approval email from Comtrust.



6. Go on http://www.comtrust.co.ae/pkiforms/serverdownload.htm



7. Put your reference number.



8. Use cut & paste download method.



9. Click download.



10. A text file will be generated and displayed to you on the browser as following.

11. Copy all the content and pasted in a text file and save this file - this file is your server certificate.





12. Copy each part between BEGIN & END and save it in separate files the naming of these files could be as follow:

    • The 1st part (GTE CyberTrust Root) : gteroot.cer

    • The 2nd part (Comtrust Server Certificate Authority): ctserverca.cer

    • The 3rd part (Your certificate): abc

    • The 4th part (Comtrust Root Certificate Authority): ctrootca.cer
      
      Note: All parts of the certificates are very important to define the trusted path. Without installing these parts a warning message will appear to the client whenever he accesses the web server.

STEP 3- Configuring the Server Certificate

A. Installing sever certificate (on the web server)

1. Under Administrative Tools, open the Internet Services Manager





2. Right Click on the Default Web Site and choose Properties





3. Click on the Directory Security tab.





4. Under the Secure Communications section, click Server Certificate





5. On the Web Site Certificate Wizard, click Next.





6. Choose to Process the Pending Request and Install the Certificate. Click Next





7. Type in the location of the certificate response file, which you saved earlier. (You may also browse to the file), and then click Next.





8. Read the summary screen to be sure that you are processing the correct certificate and then click Next.





9. You will see a confirmation screen. When you have read this information, click Next.





10. Your Key should now be completely installed.

1. Open Internet Explorer (5.01 or higher a mandatory option)



2. Click on Tools



3. Select Internet options



4. Choose Content from the top menu



5. Click on Certificate.



6. Click import



7. Browse to the root certifying authority certificate that you want to add.



8. Select X.509 Certificate (*.cer;*.crt) file type.



9. Add gteroot.cer file.



10. Click next .



11. Select Place all certificates into the following store.



12. Click Browse, and then click Show physical stores.



13. Expand the Trusted Root Certification Authorities, select Local Computer, and then click OK.



14. Click Next, and then click Finish.



15. Replay point 6 to 14 for the other files (ctserverca.cer & ctrootca.cer )



16. Restart your Web server.



17. END of all the procedures.

TESTING YOUR SERVER CERTIFICATE.

1. Open Internet Explorer 5.01 or higher.



2. Type your URL : https://www.abc.com



3. Double Click on the lock symbol which is located right down in the browser.



4. Check certification path, you should see the trusted following path:
   • GTE CyberTrust Root CA
   • Comtrust Server Certificate Authority - GTE Corporation
   • Comtrust Root Certificate Authority
   • www.abc.com : Customer URL

SECURITY ALERTS

A security Alert may pop up when you try to access your secure web page for various reasons:

Alert	Suggestion fix
This security certificate was issued by a company you have not chosen to trust.	Make sure that you installed the browser certificates correctly (STEP III)-B
The security certificate date is not valid.	You have to renew your certificate from Comtrust (Contact Comtrust)
The name on the security certificate does not match the name of the site	Make sure that you enter the site by typing the name of your site https://www.abc.com (which is the name you used to generate your certificate) instead of the using IP address of another name.