Wednesday, August 18, 2021
CREATE CSR AND COMPLETE SSL TLS CERTIFICATE REQUEST RESPONSE IN IIS
Hi Everyone, Welcome to another exciting article by PKI404. Please follow the below steps thoroughly to Create CSR in IIS and complete the request response from CA.
CREATE CSR AND COMPLETE SSL TLS CERTIFICATE REQUEST RESPONSE IN IIS
1. Open Internet Information Services (IIS) Manager
Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager.
OR
Open Run - type - inetmgr
2. Select the server where you want to generate the certificate
In the left Connections menu, select the server name (host) where you want to generate the request.
3. Navigate to Server Certificates
In the center menu, click the Server Certificates icon under the Security section near the bottom.
4. Select Create a New Certificate
In the right Actions menu, click Create Certificate Request.
5. Enter your CSR details
In the Distinguished Name Properties window, enter in the required CSR details and then click Next.
Note: To avoid common mistakes when filling out your CSR details, for wildcard use *.domain.com
6. Select a cryptographic service provider and bit length
In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next.
Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility.
7. Save the CSR
Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish.
8. Generate the Order
Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including:
-----BEGIN CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----
Submit the CSR to Certificate Authority once you receive the SSL certificate follow the below steps.
Install Your SSL Certificate
1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from your CA.
2. Open Internet Information Services (IIS) Manager (click Start > Administrative Tools > Internet Information Services (IIS) Manager).
3. In the Connections pane, locate and click the server.
4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
5. In the Actions menu (right pane), click Complete Certificate Request.
6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:
CA's response file:
Click the … button to locate the .cer file you received from CA
(e.g., your_domain_com.cer).
Friendly name:
Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.
Note: We recommend that you add the issuing CA (e.g., Globalsign) and the expiration date to the end of your friendly name; for example, yoursite-globalsign-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
7. Click OK to install the certificate.
IMPORT INTERMEDIATE AND ROOT CERTIFICATE IN MMC
Hello Everyone, Welcome to another article by PKI404 for importing Intermediate and root certificate in MMC. Follow the steps below
IMPORT THE INTERMEDIATE AND ROOT CERTIFICATE IN MMC
Import Intermediate Certificate using MMC
1. Open MMC
To open MMC (Microsoft Management Console), go to Run (Win+R), type mmc & click OK
2. Access Add or Remove Snap-Ins
In MMC, click on File & select the option ‘Add/Remove Snap-in’
3. Select Add
In the window ‘Add/Remove Snap-ins,’ select the ‘Certificates’ option and click on the ‘Add’ button
4. Select ‘Computer Account’
7. Import Intermediate
For importing the Intermediate Certificate, right click on the ‘Intermediate Certification Authorities’ and then go to All Tasks > Import
8. Locate your Intermediate in the Certificate Import Wizard
Browse for your Intermediate Certificate on your Machine. Click on Next
9. Automatically select the certificate store based on the type of certificate.
10. Finish
Click Finish, as certificate has been imported
Import Root Certificate using MMC
To import Root Certificates through MMC (Windows Microsoft Management Console), you must go through same process. Instead of right-clicking on ‘Intermediate Certification Authorities,’ right-click on the ‘Trusted Root Certification Authorities’ and go to All Tasks > Import. The rest of the steps (steps 8 – 10) are the same for Root certificate.
INSTALL SSL ON EXHANGE SERVER 2013 - 2016 VIA IIS
Hi Everyone, Welcome to another exciting article by PKI404. Please follow the below steps thoroughly to install ssl on Exchange server via IIS.
INSTALL SSL ON EXHANGE SERVER 2013 - 2016 VIA IIS
1. Open Internet Information Services (IIS) Manager
Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager.
OR
Open Run - type - inetmgr
2. Select the server where you want to generate the certificate
In the left Connections menu, select the server name (host) where you want to generate the request.
3. Navigate to Server Certificates
In the center menu, click the Server Certificates icon under the Security section near the bottom.
4. Select Create a New Certificate
In the right Actions menu, click Create Certificate Request.
5. Enter your CSR details
In the Distinguished Name Properties window, enter in the required CSR details and then click Next.
Note: To avoid common mistakes when filling out your CSR details, for wildcard use *.domain.com
6. Select a cryptographic service provider and bit length
In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next.
Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility.
7. Save the CSR
Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish.
8. Generate the Order
Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including:
-----BEGIN CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----
Submit the CSR to Certificate Authority once you receive the SSL certificate follow the below steps.
Install Your SSL Certificate
1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from your CA.
2. Open Internet Information Services (IIS) Manager (click Start > Administrative Tools > Internet Information Services (IIS) Manager).
3. In the Connections pane, locate and click the server.
4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
5. In the Actions menu (right pane), click Complete Certificate Request.
6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:
CA's response file:
Click the … button to locate the .cer file you received from CA
(e.g., your_domain_com.cer).
Friendly name:
Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.
Note: We recommend that you add the issuing CA (e.g., Globalsign) and the expiration date to the end of your friendly name; for example, yoursite-globalsign-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
7. Click OK to install the certificate.
Import Intermediate Certificate using MMC
1. Open MMC
2. Access Add or Remove Snap-Ins
3. Select Add
4. Select ‘Computer Account’
5. Select ‘Local Computer’
6. ‘Certificates (Local Computer)’
7. Import Intermediate
8. Locate your Intermediate in the Certificate Import Wizard
9. Automatically select the certificate store based on the type of certificate.
You will be prompted to the window where you can place the certificate in Certificate Store. Leave without making any changes. If you have PKCS7 file with several certificates in it, you can go with ‘Automatically select the certificate store based on the type of certificate.’ Lastly, click on Next.
10. Finish
Import Root Certificate using MMC
To import Root Certificates through MMC (Windows Microsoft Management Console), you must go through same process. Instead of right-clicking on ‘Intermediate Certification Authorities,’ right-click on the ‘Trusted Root Certification Authorities’ and go to All Tasks > Import. The rest of the steps (steps 8 – 10) are the same for Root certificate.
To import Root Certificates through MMC (Windows Microsoft Management Console), you must go through same process. Instead of right-clicking on ‘Intermediate Certification Authorities,’ right-click on the ‘Trusted Root Certification Authorities’ and go to All Tasks > Import. The rest of the steps (steps 8 – 10) are the same for Root certificate.
Enable the certificate by going back to the certificate section of the Exchange Admin, click on the edit button for highlighted installed certificate from IIS.
§ Your SSL certificate is finally installed and
ready to use.
Thats All for now stay tuned for more such articles :)
HOW TO CONVERT JKS TO WALLET USING ORAPKI
Hello Everyone!! Welcome to another blog by PKI404 where i will walk you through how to create JKS file then JKS (Java keystore) to wallet for oracle wallet manager. So let's start without any further due.
1. First step is to create a pfx and then p12 file or directly create p12 file.
See steps here : How to create pfx file
openssl pkcs12 -in ewallet.pfx -out ewallet.pem
then pem to p12
openssl pkcs12 -export -in ewallet.pem -out ewallet.p12
-name "server"
Keep the password : Password@123
2. Now Convert pfx to JKS
See here : How to create JKS file
Use the below command to create pfx to JKS file.
In windows open /Program files/ JAVA/ JDK/JRE /bin in Admin command prompt and run below command
keytool -importkeystore -srckeystore "C:\Users\pki404\Desktop\ewallet.p12" -srcstoretype pkcs12 -destkeystore C:\Users\pki404\Desktop\certificate.jks" -deststoretype JKS
In Linux run the command anywhere to convert P12/pfx to JKS
3. Now open ORAPKI bin folder it should have orapki tool.
Open command prompt with orapki tool path and run below command to create a empty wallet.
orapki wallet create -wallet ewallet -auto_login -pwd
Password@123
Now Import JKS into created empty wallet
orapki wallet jks_to_pkcs12 -wallet ewallet -pwd Password@123 -keystore D:\servertest.jks -jkspwd Password@123
See the example in below screenshot for creating wallet and importing JKS in wallet
Now that wallet has created Open Oracle wallet manager (OWM) and open the ewallet.p12 and save the wallet.
It should be in ready status.
Stay tuned for more blogs like this :)