8.6.5.1            Creating a Certificate Request

To create a Web server certificate, follow these steps:

1.       Open the Internet Service Manager Microsoft Management Console (MMC). To do this, click Start, point to Programs, point to Administrative Tools, and click Internet Service Manager.

2.       Double-click the server name so that you see all of the Web sites.

3.       Right-click the Web site where you want to install the certificate, and then click Properties.

4.       Click the Directory Security tab.

You see three security methods. The one you will use to create a certificate request is Secure Communications.

5.       Click Server Certificate. A Certificate Wizard starts. Click Next to continue.

6.       Select Create a new certificate, and then click Next.

7.       Select Prepare the request now, but send it later and click Next.

8.       Type a name for your certificate, and choose a bit length. Unless it is needed for your lab, do not select the SGC Certificate check box. (For more information on SGC certificates, see the note at the end of this section.) Click Next to continue.

9.       Type your organization name and the organizational unit (for example, company name and development department). Click Next.

10.   Type either the fully qualified domain name (FQDN) or the server name as the Common Name. If you are creating a certificate that will be used over the Internet, it is preferable to use a FQDN. Click Next.

11.   Enter your location information, and then click Next.

12.   Type the path and file name to save the certificate information to.

NOTE:
If you enter anything other than the default location and file name, be sure to note the name and location you choose, because you will have to access this file in later steps.

Click Next to continue.

13.   Verify the information that you have entered, and then click Next to complete the process and create the certificate request.

NOTES: Server Gated Cryptography (SGC) certificates are used most often by financial institutions that require high-encryption connections even when connecting with international users or browsers that are limited to 40-bit encryption. When connecting to an international browser (40-bit), an SGC certificate creates a 128-bit tunnel to allow 128-bit encryption strength. When the secured connection or session ends, the intermediate certificate tunnel is closed.

Another attribute of the SGC certificate is that it is strictly domain-specific. Ordinarily, if the domain name of a certificate does not match the domain of the Web site, you receive a warning stating this fact and you can choose to continue or not. A SGC certificate does not give you a warning or offer choices. The connection fails without explanation.