Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-09-01 13:30:49.0

SSL/TLS Certificate Installation Instructions - Microsoft ISA

Article Number: 46363

Before you begin
  • Never share private key files. 
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
  • For more information on SSL/TLS Best Practices, click here.

 

Installing your Entrust SSL/TLS Certificate on Microsoft ISA


In order to import your certificate to an ISA server, the certificate and private key must first be exported from the server where it was first installed.
The certificate and private key must then be imported to the ISA server into the personal certificate store.

Part 1 - Export the Server Certificate to a PFX file

The certificate and private key can be backed up by exporting the certificate to a PFX file, as described in the steps below:

  1. Click Start, and then click Run.
     
  2. Type in mmc and click OK.
     
  3. From the File menu, choose Add/Remove Snap-in.
     
  4. In the new window that appears, click Add.
     
  5. Select Certificates and then click Add.


     
  6. Choose the Computer account option and click Next.


     
  7. Select Local Computer and then click Finish.


     
  8. Click Close, and then click OK. You should see the snap-in for Certificates (Local Computer) in the console.


     
  9. Expand the Certificates (Local Computer) tree in the left preview panel.


     
  10. Expand the Personal folder in the left preview panel and click on the Certificates folder.


     
  11. Right-click on the certificate you wish to backup. Select All Tasks > Export.


     
  12. The Certificate Import Wizard appears. Click Next.
     
  13. Select Yes, export the private key and click Next.


     
  14. Select Personal Information Exchange as the format you want to use. Check the box to Include all certificates in the certification path. Do not check the box to Delete the private key. Click Next.


     
  15. Enter a password for the private key and confirm. Remember this password as you will need it to import the certificate. Click Next.


     
  16. Supply a file name to save your PFX file and click Next.


     
  17. Click Finish to complete the Certificate Export Wizard.


     
  18. You should see a dialog box indicating the export was successful. Click OK.


Part 2 - Import the Server Certificate onto the ISA server

A certificate and private key saved in PKCS #12 (.PFX) format can be imported to a Microsoft web server by following the steps below:

  1. Click Start, and then click Run.
     
  2. Type in mmc and click OK.
     
  3. From the File menu, choose Add/Remove Snap-in.
     
  4. In the new window that appears, click Add.
     
  5. Select Certificates and then click Add.

 

  1. Choose the Computer account option and click Next.

  1. Select Local Computer and then click Finish.

  1. Click Close, and then click OK. You should see the snap-in for Certificates (Local Computer) in the console.

  1. Expand the Certificates (Local Computer) tree in the left preview panel.

  1. Expand the Personal folder in the left preview panel and click on the Certificates folder.

  1. Right-click the Personal folder and select All Tasks > Import.

     
     
  2. The Certificate Import Wizard appears. Click Next.
     
  3. Browse to the location of your PFX file and click Next.

  1. Enter the password for the private key. Select Mark this key as exportable and click Next.

  1. Select Automatically select the certificate store based on the type of certificate and click Next.

  1. Click Finish to complete the Certificate Import Wizard.

  1. You should see a dialog box indicating the import was successful. Click OK.



Part 3 - Enable SSL on your ISA Server
 

  1. Open your ISA Server Management application and select Firewall Policy.

 

 

  2. Right click on the firewall policy for the site in question and select properties.

 

 

  3. Select the Listener tab.

    

 


  4. Click Properties and select the Certificates tab.

    

 

  5. Click Select Certificates and highlight the new certificate. Click Select.


   

 

  6. Click OK.  Click Apply to save the changes.

   


  7. The ISA server may have to be restarted for the changes to be updated.

 
 

TN7864