Tutorials

 Für unsere deutschen Kunden Premier Support ist auch in deutscher Sprache verfügbar. Wir helfen Ihnen gerne bei allen Ihren Migrationsproblemen.
Specify Alternate Text

How to install a 3rd party certificate on SBS 2003 with ISA 2004

This article will describe step by step how to install or renew a third party certificate on SBS 2003 with ISA 2004. The Official SBS Blog already published in 2007 an article how to do that on SBS 2003 Standard (The Official SBS Blog : How to Install a Public 3rd Party SSL Certificate on IIS on SBS 2003: http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx), so this article will extend that article to the SBS servers that have ISA 2004 installed.

The steps are exactly the same for ISA 2004, but we don't transfer the certificate to the Default Web site. The Default Web site with ISA 2004 has the publishing.company.local certificate assigned to it, and that will need to stay that way.

A special note for mobile devices like Nokia E61 (and others for sure, but this device is the one that we could test): some devices really need the Intermediate Certificate Bundle installed, before they will accept the third party certificate. It also happens, that third party vendors are changing their intermediates which will cause errors. So check if your mobile device has the current intermediate certificate installed and if it is up to date. It doesn't hurt however, to always just install the Intermediate Certificate Bundle on the server. Some mobile devices also require that the intermediate certificate is in the .cer format. To obtain that file, follow the steps in this article.


Create a temporary web site in IIS and create the CSR

To be able to request the right certificate from a third party vendor, you will need to create a new web site in IIS with the FQDN you want to use. This web site will be temporary and will be deleted after the certificate has been installed.

  1. From the Administrative Tools open the IIS mmc and expand your server name. Select the Web Sites in the left pane and right click, New, Web Site:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  2. The Web Site Creation Wizard will show and you click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  3. You type the exact FQDN for which you will want the certificate. In this example we are using the FQDN remote.company.com. Be very careful and check the FQDN as this will be used to request the certificate for. Then click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  4. You leave the IP Address and Port Settings alone and type the FQDN for the host header, then click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  5. Browse to the C:\Inetpub\wwwroot folder, leave the checkbox for "Allow anonymous access to this Web site" check marked, and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  6. Leave the Web Site Access Permissions alone and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  7. Click Finish at the completed Web Site Creation Wizard:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  8. You will see that the new web site has been added in the Web Sites in IIS. We will now create the request for the certificate. Right click on the remote.company.com Web Site and choose Properties:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  9. Select tab Directory Security, click button Server Certificate:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  10. The Web Server Certificate Wizard appears, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  11. We will create a new certificate, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  12. The only choice is to Prepare the request now, but send it later, so click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  13. Type the FQDN for which you want the certificate, leave the other settings alone and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  14. You will have to type something in both fields and we recommend you type in your business name, then click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  15. At the Common name you will see that your server name is being suggested by the wizard, change this to the FQDN remote.company.com and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  16. In the Geographical Information you will find that the country has been selected already, but change it if needed. Fill in the state and city where your company is located and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  17. The file name for the certificate request is suggested and if you agree with that, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  18. The summary is showing all the information you have entered in the previous screens. Double check this where the field "Issued to" is the most important, as this is going to be the certificate you are requesting. When all is fine, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  19. Click Finish at the completion of the web server certificate wizard:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  20. Close Properties of the remote.company.com web site.

File the CSR data to request the certificate

  1. The certreq.txt file has the data that is necessary to request the certificate. You log into the web site of your third party certificate vendor, and in our example we are using Go Daddy. In the left pane (Step 1) you fill in the company details that are needed:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  2. The right pane (Step 2) will get the contents of the certreq.txt file. While leaving the web page for a moment, use Windows Explorer to open the certreq.txt file which we had saved in the root of the C partition:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  3. Select all the text with Ctrl+A and when all the text is highlighted press Ctrl+C to copy the text to the clipboard:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  4. Go back to the GoDaddy web page, put the cursor in the blank box for the CSR in the right pane of Step 2 and paste the contents with Ctrl+V. Leave the Microsoft IIS in the drop-down list and check mark the box at the bottom, then click Continue:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  5. Double check the information and click Confirm:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  6. The request has been submitted and you click Done:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  7. You will receive an email that contains a link to download the certificate bundle. The link will give you the page where you can download the certificate and you leave the default choice to IIS and click Continue:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  8. Click on the link to Download Signed Certificate:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  9. Click Save to save the file:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  10. Browse to the location where you want to save the file and if you wish you can rename that certificate bundle. In our example we named it godaddy.zip. Click Save:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  11. When the download is complete, click Open:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  12. Click the Extract all files link at the left:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  13. Click Next in the Extraction Wizard:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  14. Browse to the destination and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  15. Uncheck the Show extracted files box and click Finish:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004

Install the Intermediate Certificate Bundle

A special note for mobile devices like Nokia E61 (and others for sure, but this device is the one that we could test): some devices really need the Intermediate Certificate Bundle installed, before they will accept the third party certificate. It also happens, that third party vendors are changing their intermediates which will cause errors. So check if your mobile device has the current intermediate certificate installed and if it is up to date. It doesn't hurt however, to always just install the Intermediate Certificate Bundle on the server. Some mobile devices also require that the intermediate certificate is in the .cer format. To obtain that file, follow the steps in this article.

Before we can install the certificate, we will have to install the Intermediate Certificate Bundle first. This is the gd_iis_intermediates.pb7 file in our example.

  1. We will open a command prompt and start the mmc snap-in with start mmc:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  2. We will add the certificates snap-in in the File menu with Add/Remove Snap-in:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  3. Click the Add button:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  4. Select the Certificates snap-in and click Add:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  5. Select the Computer account and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  6. Leave the default Local Computer selected and click Finish:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  7. You will return to the Add screen which you Close now:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  8. The Certificates Snap-in has been added, so click OK:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  9. Expand the Certificates, expand the Intermediate Certification Authority and right click Certificates. Choose All Tasks and then Import:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  10. The Import Wizard appears, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  11. Browse to the location where you have extracted the godaddy zip file and select the gd_iis_intermediates.p7b file, then click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  12. When the import wizard has finished, click Finish:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
    Click OK:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  13. For certain devices like Nokia mobile phones, it is necessary that those intermediate certificates are being exported to a file format that Nokia understands. Right click the first Go Daddy certificate and from All Tasks, choose Export:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  14. The Export Wizard appears, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  15. Leave the file format to the default DER and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  16. Browse to the folder where you want to save the exported certificate. For easy access, the Clientapps\SBScert folder would do nicely and you give the file an easy recognizable name like GoDaddy_Intermediate.cer. Then click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  17. On completion click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  18. Click OK.
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  19. Export the other GoDaddy intermediate certificate the same way:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004

Install the certificate in the temporary web site

  1. Now we can install the certificate in the temporary web site. In IIS right click the remote.company.com web site and choose Properties:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  2. Select tab Directory Security, Server Certificate:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  3. The Web Server Certificate Wizard appears, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  4. As the request is pending, leave the suggested Process the pending request and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  5. Browse to the location where you have saved the extracted GoDaddy files and select the remote.company.com certificate, click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  6. Leave the suggested SSL port like it is and click Next:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  7. The Certificate Summary will show the information and click Next to install it:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  8. After the wizard has completed, click Finish:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  9. If you click on the View Certificate button, you will see this:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  10. Click OK and OK to close the properties of the remote.company.com web site.
  11. In the certificates mmc, Personal, Certificates, you should see the Go Daddy certificate as well as the old self signed and the publishing certificate:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  12. You can now close the certificates mmc.

Assign the certificate to the web listeners in ISA 2004

  1. The last thing we will have to do is to assign the new certificate to all the web listeners in ISA 2004. Open ISA mmc, in the Firewall Policy node in the right pane choose the Toolbox. Select Network Object and expand the Web Listeners. Select the SBS Company Web listener and click Edit:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  2. Select tab Preferences and in the SSL part click the Select button:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  3. Select the new certificate and click OK:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  4. Click OK:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  5. Select the SBS Web listener and assign it the new certificate the same way, then click Apply at the top of the ISA 2004 mmc to complete the configuration:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  6. Click OK:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  7. Check from a computer outside your network if the new certificate doesn't give any problems. You should get the /remote or /exchange page without the questioning of the certificate. If you are having mobile phones, check if they can sync properly. If everything is working correct, we can delete the temporary web site in IIS.
  8. Right click the remote.company.com web site and choose Delete:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004
  9. Click Yes to confirm the deletion:
    How to install a 3rd party certificate on SBS 2003 with ISA 2004

Subscribe and receive ‘how to’ and ‘best practice’ articles on server and cloud maintenance, design and troubleshooting.

  • Monthly newsletter with a summary of all new tutorials
  • Get an email as soon as a new tutorial has been published

About www.server-essentials.com 

www.server-essentials.com is founded by Mariette Knap, a Dutch Microsoft MVP. www.server-essentials.com is a community for IT Consultants and Business Owners who, themselves, take care of the IT infrastructure and Employees who do that little extra in the company to keep things running. Our forum is for discussing all things ‘IT’ and more.  Our documentation is top notch and written by and for the community.

Change your cookie settings


 
Contact Us

Concentrix BV

C. de Rijcklaan 1

3723 PM Bilthoven

The Netherlands

KvK 30202318

VAT Id 814036739B01

The layout of this page is made to be viewed online.