Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-09-01 13:30:49.0

SSL/TLS Certificate Installation Instructions - Microsoft Forefront TMG

Article Number: 46427

Before you begin
  • Never share private key files. 
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
  • For more information on SSL/TLS Best Practices, click here.

 

Installing your Entrust SSL/TLS Certificate on Microsoft Forefront TMG


In order to import your certificate to a TMG server, the certificate and private key must first be exported from the server where it was first installed.
The certificate and private key must then be imported to the TMG server into the personal certificate store.

Part 1 - Export the Server Certificate to a PFX file

The certificate and private key can be backed up by exporting the certificate to a PFX file, as described in the steps below:

  1. Click Start, and then click Run.
     
  2. Type in mmc and click OK.
     
  3. From the File menu, choose Add/Remove Snap-in.
     
  4. In the new window that appears, click Add.
     
  5. Select Certificates and then click Add.


     
  6. Choose the Computer account option and click Next.


     
  7. Select Local Computer and then click Finish.


     
  8. Click Close, and then click OK. You should see the snap-in for Certificates (Local Computer) in the console.


     
  9. Expand the Certificates (Local Computer) tree in the left preview panel.


     
  10. Expand the Personal folder in the left preview panel and click on the Certificates folder.


     
  11. Right-click on the certificate you wish to backup. Select All Tasks > Export.


     
  12. The Certificate Import Wizard appears. Click Next.
     
  13. Select Yes, export the private key and click Next.


     
  14. Select Personal Information Exchange as the format you want to use. Check the box to Include all certificates in the certification path. Do not check the box to Delete the private key. Click Next.


     
  15. Enter a password for the private key and confirm. Remember this password as you will need it to import the certificate. Click Next.


     
  16. Supply a file name to save your PFX file and click Next.


     
  17. Click Finish to complete the Certificate Export Wizard.


     
  18. You should see a dialog box indicating the export was successful. Click OK.


Part 2 - Import the Server Certificate on the Forefront TMG Server

A certificate and private key saved in PKCS #12 (.PFX) format can be imported to a Microsoft web server by following the steps below:

  1. Click Start, and then click Run.
     
  2. Type in mmc and click OK.
     
  3. From the File menu, choose Add/Remove Snap-in.
     
  4. In the new window that appears, click Add.
     
  5. Select Certificates and then click Add.

 

  1. Choose the Computer account option and click Next.

  1. Select Local Computer and then click Finish.

  1. Click Close, and then click OK. You should see the snap-in for Certificates (Local Computer) in the console.

  1. Expand the Certificates (Local Computer) tree in the left preview panel.

  1. Expand the Personal folder in the left preview panel and click on the Certificates folder.

  1. Right-click the Personal folder and select All Tasks > Import.

     
     
  2. The Certificate Import Wizard appears. Click Next.
     
  3. Browse to the location of your PFX file and click Next.

  1. Enter the password for the private key. Select Mark this key as exportable and click Next.

  1. Select Automatically select the certificate store based on the type of certificate and click Next.

  1. Click Finish to complete the Certificate Import Wizard.

  1. You should see a dialog box indicating the import was successful. Click OK.



Part 3 - Enable SSL on your Forefront TMG Server

 

  1. Select: “Firewall Policy”

   

   2. On the right hand side, Select the “Toolbox” tab then expand the “Web Listener” folder. Right click on the Web Listener you wish to bind the certificate to and select Properties.

     
 

   3. Select: “Certificates” tab, Select: “Select Certificates”

      


   4. Select the certificate from the list, once selected verify at the bottom under “Certificate Installation Details” that there is no issues with the certificate and then click on “Select”.

     

     The certificate is now correctly installed in Microsoft Forefront TMG.

 

  5. The TMG Server might have to be restarted for changes to be updated.

TN8459