Configuring+Certificate+Services

In add new roles, select Active Directory Certificate Services. Click **Next.**

Review the notes, then click **Next**.



Ensure that the **Certification Authority**, **Certification Authority Web Enrollment**, and **Online Responder** check boxes are checked.

Click **Next**.

Click **Next**.



Ensure the **Root CA** radio button is selected and click **Next**.



Ensure the **Create a new private key** radio button is selected.

Click **Next**.



Select an encryption method suitable for your company.

Click **Next**.



Ensure the domain name is correct.

Click **Next**.



Allow certificates to live or 5 years (you can change this if required, but the number must be between 1 and 999).

Click **Next**.



Review the information.

Click **Next**.



Leave the defaults.

Click **Next**.



Review the information.

Click **Install** when you are ready.



Review installation notes and click **Close**.



Open the IIS Manager.

Click your webserver's name, then **Server Certificates**.

Click **Create Certificate Request** in the Right Pane.

Enter the full name of your website (such as www.tart.corp), and all other relevant information.

Click **Next**.



Select the encryption method that is right for your company (higher encryption can result in lower speeds).

Click **Next**.



Create a name for the certificate.

Click **Finish**.



Open Internet Explorer and navigate to your certificate page (//servername/certsrv, or// tartiis/certsrv).

Click **Request a certificate**.



Click **Advanced Certificate Request**.



Open your saved certificate in a text file, and copy the entire contents to the clipboard.



Copy this into the saved request field.

Click **Submit**.



Ensure that the request has been recieved.

Close **Internet Explorer**.



Click **Start > Administrative Tools > Active Directory Certificate Services**

Click the **Pending Approval** container.


 * Right-Click** your request, and select **Issue**.



Open Internet Explorer and navigate to your certificate request page (//servername/certsrv).

Select view the status of a pending request.



Select your certificate.



Use DER encode and select Download Certificate.



Select the certificate you just downloaded.

Type in a friendly name.



Open your website in IIS manager.

Select **Edit Bindings** in the right pane.

Add a new site binding.

Type: https

IP Address: Any Incoming

Port: 443

SSL Certificate: Choose the certificate you created (by friendly name).



Select SSL Settings.

Click the **Require SSL** check box.

Click the **Require** radio button.



media type="custom" key="3486844"