Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-07-18 11:43:20.0

Entrust Datacard SSL/TLS Certificate Installation Instructions - Microsoft Forefront TMG

Article Number: 46427

Purpose: SSL/TLS certificate installation guide for Microsoft Forefront TMG



Before you begin...

  • Never share private key files. 

  • If you plan on using the same certificate on multiple servers, always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).

  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.

  • For more information on SSL/TLS Best Practices, click here.

Installing your Entrust SSL/TLS Certificate on Microsoft Forefront TMG

In order to import your certificate to a TMG server, the certificate and private key must first be exported from the server where it was first installed.

The certificate and private key must then be imported to the TMG server into the personal certificate store.

Part 1 - Export the Server Certificate to a PFX file

The certificate and private key can be backed up by exporting the certificate to a PFX file, as described in the steps below:

  1. Click Start, and then click Run.

  2. Type in mmc and click OK.

  3. From the File menu, choose Add/Remove Snap-in.

  4. In the new window that appears, click Add.

  5. Select Certificates and then click Add.

  6. Choose the Computer account option and click Next.

  7. Select Local Computer and then click Finish.

  8. Click Close, and then click OK. You should see the snap-in for Certificates (Local Computer) in the console.

  9. Expand the Certificates (Local Computer) tree in the left preview panel.

  10. Expand the Personal folder in the left preview panel and click on the Certificates folder.

  11. Right-click on the certificate you wish to back up. Select All Tasks > Export.

  12. The Certificate Export Wizard appears. Click Next.

  13. Select Yes, export the private key and click Next.

  14. Select Personal Information Exchange as the format you want to use. Check the box to Include all certificates in the certification path. Do not check the box to Delete the private key. Click Next.

  15. Enter a password for the private key and confirm. Remember this password as you will need it to import the certificate. Click Next.

  16. Supply a file name to save your PFX file and click Next.

  17. Click Finish to complete the Certificate Export Wizard.

  18. You should see a dialog box indicating the export was successful. Click OK.


Part 2 - Import the Server Certificate on the Forefront TMG Server

A certificate and private key saved in PKCS #12 (.PFX) format can be imported to a Microsoft web server by following the steps below:

  1. Click Start, and then click Run.

  2. Type in mmc and click OK.

  3. From the File menu, choose Add/Remove Snap-in.

  4. In the new window that appears, click Add.

  5. Select Certificates and then click Add.

  6. Choose the Computer account option and click Next.

  7. Select Local Computer and then click Finish.

  8. Click Close, and then click OK. You should see the snap-in for Certificates (Local Computer) in the console.

  9. Expand the Certificates (Local Computer) tree in the left preview panel.

  10. Expand the Personal folder in the left preview panel and click on the Certificates folder.

  11. Right-click the Personal folder and select All Tasks > Import.

  12. The Certificate Import Wizard appears. Click Next.

  13. Browse to the location of your PFX file and click Next.

  14. Enter the password for the private key. Select Mark this key as exportable and click Next.

  15. Select Automatically select the certificate store based on the type of certificate and click Next.

  16. Click Finish to complete the Certificate Import Wizard.

  17. You should see a dialog box indicating the import was successful. Click OK.
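
Before selecting the certificate in Part 3, the result of the import can be checked from PowerShell. This is an added example, not part of Entrust's instructions; the function name Test-ListenerCertificate and the thumbprint placeholder are assumptions introduced for illustration. It confirms the certificate is in the Local Computer Personal store with its private key, is within its validity period, permits Server Authentication, and chains to a trusted root.

```powershell
# Added example, not Entrust's code. Run elevated on the TMG server.
# Placeholder: paste the thumbprint from the certificate's Details tab, spaces removed.
$Thumbprint = '<THUMBPRINT-OF-IMPORTED-CERTIFICATE>'

function Test-ListenerCertificate {   # hypothetical helper name
    param([string]$Thumbprint)
    $findings = @()

    # Part 2 imports into the Local Computer "Personal" store, i.e. LocalMachine\My.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { return @('Certificate not found in Cert:\LocalMachine\My') }

    # The PFX import must have brought the private key with it.
    if (-not $cert.HasPrivateKey) {
        $findings += 'No private key is associated with the certificate'
    }

    # Validity period.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings += "Outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
    }

    # If an Enhanced Key Usage extension exists, it must list
    # Server Authentication (OID 1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku -and -not ($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })) {
        $findings += 'Server Authentication is missing from Enhanced Key Usage'
    }

    # Build the chain in machine context ($true) so the intermediates imported
    # from the PFX and the machine's trusted roots are the ones evaluated.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    if (-not $chain.Build($cert)) {
        foreach ($s in $chain.ChainStatus) {
            $findings += "Chain: $($s.Status) - $($s.StatusInformation.Trim())"
        }
    }
    return $findings
}

$result = @(Test-ListenerCertificate -Thumbprint $Thumbprint)
if ($result.Count -eq 0) {
    'OK: certificate is ready to select in the Web Listener'
} else { $result }
```

An empty result means every check passed; any line printed names the condition to fix before binding the certificate to a Web Listener.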



Part 3 - Enable SSL on your Forefront TMG Server

  1. Select “Firewall Policy”.

  2. On the right-hand side, select the “Toolbox” tab, then expand the “Web Listener” folder. Right-click the Web Listener you wish to bind the certificate to and select Properties.

  3. Select the “Certificates” tab, then select “Select Certificates”.

  4. Select the certificate from the list. Once it is selected, verify at the bottom under “Certificate Installation Details” that there are no issues with the certificate, and then click “Select”.

     The certificate is now correctly installed in Microsoft Forefront TMG.

  5. The TMG Server might have to be restarted for changes to be updated.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as a UITF toll free call.
 

Country: Number
Australia: 0011 - 800-3687-7863; 1-800-767-513
Austria: 00 - 800-3687-7863
Belgium: 00 - 800-3687-7863
Denmark: 00 - 800-3687-7863
Finland: 990 - 800-3687-7863 (Telecom Finland); 00 - 800-3687-7863 (Finnet)
France: 00 - 800-3687-7863
Germany: 00 - 800-3687-7863
Hong Kong: 001 - 800-3687-7863 (Voice); 002 - 800-3687-7863 (Fax)
Ireland: 00 - 800-3687-7863
Israel: 014 - 800-3687-7863
Italy: 00 - 800-3687-7863
Japan: 001 - 800-3687-7863 (KDD); 004 - 800-3687-7863 (ITJ); 0061 - 800-3687-7863 (IDC)
Korea: 001 - 800-3687-7863 (Korea Telecom); 002 - 800-3687-7863 (Dacom)
Malaysia: 00 - 800-3687-7863
Netherlands: 00 - 800-3687-7863
New Zealand: 00 - 800-3687-7863; 0800-4413101
Norway: 00 - 800-3687-7863
Singapore: 001 - 800-3687-7863
Spain: 00 - 800-3687-7863
Sweden: 00 - 800-3687-7863 (Telia); 00 - 800-3687-7863 (Tele2)
Switzerland: 00 - 800-3687-7863
Taiwan: 00 - 800-3687-7863
United Kingdom: 00 - 800-3687-7863; 0800 121 6078; +44 (0) 118 953 3088

TN8459