Entrust Certificate Services Support Knowledge Base
Audience: General
Last Modified: 2009-08-26 09:55:48.0
TN 7864 - How do I Import an SSL Certificate to my Microsoft Internet Security (ISA) server?
Question:
How do I Import an SSL Certificate to my Microsoft Internet Security (ISA) server?
Answer:
In order to import your certificate to an ISA server, the certificate and private key must first be exported from the server where it was first installed.
How do I Import an SSL Certificate to my Microsoft Internet Security (ISA) server?
Answer:
In order to import your certificate to an ISA server, the certificate and private key must first be exported from the server where it was first installed.
The certificate and private key must then be imported to the ISA server into the personal certificate store.
To export your certificate from IIS 6:
1 - Start > Run and enter MMC. Press the enter key.
2 - Click File, Add/Remove Snap-in.
3 - Click Add.
4 - Select Certificates and click Add.
5 - A wizard will open. Select Computer Account and click Next.
6 - Select Local Computer and click Finish.
7 - Click Close.
8 - Click OK.
9 - Expand Certificates on the left hand side of the console window.
2 - Click File, Add/Remove Snap-in.
3 - Click Add.
4 - Select Certificates and click Add.
5 - A wizard will open. Select Computer Account and click Next.
6 - Select Local Computer and click Finish.
7 - Click Close.
8 - Click OK.
9 - Expand Certificates on the left hand side of the console window.
10 - Locate the Personal Certificates folder and the certificate you need to export.
11 - Right click on the certificate and select Export under All Tasks. Complete the export wizard by providing a password and path to the .pfx file.
To import your certificate on the ISA server:
1 - Start > Run and enter MMC. Press the enter key.
2 - Click File, Add/Remove Snap-in.
3 - Click Add.
4 - Select Certificates and click Add.
5 - A wizard will open. Select Computer Account and click Next.
6 - Select Local Computer and click Finish.
7 - Click Close.
8 - Click OK.
9 - Expand Certificates on the left hand side of the console window.
2 - Click File, Add/Remove Snap-in.
3 - Click Add.
4 - Select Certificates and click Add.
5 - A wizard will open. Select Computer Account and click Next.
6 - Select Local Computer and click Finish.
7 - Click Close.
8 - Click OK.
9 - Expand Certificates on the left hand side of the console window.
10 - Locate the Personal Certificates.
11 - Right click and select Import under All Tasks.
12 - Complete the Import wizard by providing the correct password and the path to the .pfx file.
13 - The certificate should appear in the personal certificate folder. It should also show that a private key is associated to it.
Importing the Entrust L1B Intermediate Certificate:
If your certificate expires after 2010, you will have to install the Entrust L1B Chain certificate. To install this:
1 - Start > Run and enter MMC. Press the enter key.
2 - Click File, Add/Remove Snap-in.
3 - Click Add.
4 - Select Certificates and click Add.
5 - A wizard will open. Select Computer Acount and click Next.
6 - Select Local Computer and click Finish.
7 - Click Close.
8 - Click OK.
9 - Expand Certificates on the left hand side of the console window.
10 - Right click on the intermediate Certificate authority and under All Tasks, select Import.
11- Point the wizard to the L1B Chain certificate file and click Complete.
2 - Click File, Add/Remove Snap-in.
3 - Click Add.
4 - Select Certificates and click Add.
5 - A wizard will open. Select Computer Acount and click Next.
6 - Select Local Computer and click Finish.
7 - Click Close.
8 - Click OK.
9 - Expand Certificates on the left hand side of the console window.
10 - Right click on the intermediate Certificate authority and under All Tasks, select Import.
11- Point the wizard to the L1B Chain certificate file and click Complete.
Create an SSL Listener:
1 - Open the ISA Manager and right click on the server that will accept the SSL connections.
2 - Select Properties.
2 - Select Properties.
3 - Click the Incoming Web Requests tab.
4 - Click the IP address entry for the site. If there is no static IP address set here, select All IP addresses.
5 - Click Edit.
6 - Click Use a Server Certificate to Authenticate Web Users.
6 - Click Use a Server Certificate to Authenticate Web Users.
7 - Click Select and chose the certificate that was just imported as a .pfx file.
8 - Click OK.
8 - Click OK.
9 - Select Enable SSL Listener.
To complete the installation, restart the ISA box.
SSL Certificates
Extended Validation (EV)
Advantage SSL
Standard SSL
Unified Communications
Code Signing Certificates
Adobe CDS
![[Certification Authorities - Webtrust - Deloitte]](/images/cert_services/deloitte_seal_sm.jpg)
1-866-267-9297