Cryptography > SSL Certificates

Abbr.   Long Form                     Notes
PGP     Pretty Good Privacy
GPG     GnuPG => GNU Privacy Guard    http://www.gpg4win.org/download.html
                                      Gpg4win version 2.2.3

Certificate Manager
    Kleopatra
    MS Windows Certificates Snap-in

                  created by    readable?
privatekey.ppk                  Yes
OpenPGP
PuTTY
SSH
Type     Mode              Notes
CSR      text
*.asc    text readable     public key, private key, base64
*.cer
*.crt    ascii
*.gpg    binary/ascii ?    key
*.p10    binary
*.p7b    ascii PKCS7
*.pfx    binary
*.pgp
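
The extension does not reliably tell you whether a file is text or binary, or whether it holds a private key. The PowerShell function below is an added example, not part of the original notes: it classifies a file by its leading bytes. The function name and the sample file names are hypothetical, and the sample headers are constructed.

```powershell
# Added example: classify a key or certificate file by its leading bytes.
function Get-KeyFileKind {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    # Decode at most the first 64 bytes as ASCII to look for a text header.
    $head = [System.Text.Encoding]::ASCII.GetString($Bytes, 0, [Math]::Min(64, $Bytes.Length))

    if ($head -cmatch '^-----BEGIN ([A-Z0-9 ]+)-----') {
        # Base64 armor (*.asc, CSR text, text-mode *.crt / *.p7b): the label names the content.
        $label = $Matches[1]
        $hasKey = $(if ($label -match 'PRIVATE KEY') { 'yes' } else { 'no' })
        return New-Object PSObject -Property @{
            Mode = 'text'; Content = $label; PrivateKey = $hasKey }
    }
    if ($head -cmatch '^PuTTY-User-Key-File-\d+:') {
        return New-Object PSObject -Property @{
            Mode = 'text'; Content = 'PuTTY private key'; PrivateKey = 'yes' }
    }
    if ($Bytes[0] -eq 0x30) {
        # 0x30 = ASN.1 SEQUENCE, the first byte of DER-encoded *.cer, *.p10, *.p7b and *.pfx.
        # A *.pfx normally carries the private key, so inspect it before treating it as public.
        return New-Object PSObject -Property @{
            Mode = 'binary (DER)'; Content = 'ASN.1 structure'; PrivateKey = 'inspect' }
    }
    return New-Object PSObject -Property @{
        Mode = 'unknown'; Content = 'unrecognized'; PrivateKey = 'inspect' }
}

# Constructed sample headers (no real key material).
$samples = @(
    @('request.txt',    '-----BEGIN NEW CERTIFICATE REQUEST-----'),
    @('public.asc',     '-----BEGIN PGP PUBLIC KEY BLOCK-----'),
    @('secret.asc',     '-----BEGIN PGP PRIVATE KEY BLOCK-----'),
    @('privatekey.ppk', 'PuTTY-User-Key-File-2: ssh-rsa')
)
foreach ($s in $samples) {
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($s[1])
    Get-KeyFileKind -Bytes $bytes |
        Select-Object @{n = 'File'; e = { $s[0] }}, Mode, Content, PrivateKey
}
# A DER file starts with the SEQUENCE tag and a length, here constructed by hand.
Get-KeyFileKind -Bytes ([byte[]](0x30, 0x82, 0x01, 0x0A)) | Select-Object Mode, Content, PrivateKey
```

For a real file, pass `[System.IO.File]::ReadAllBytes($path)` as `-Bytes`; anything reported as `yes` or `inspect` belongs on the list of files to delete from the working directory once the certificate is installed.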
    Windows 2008
1. Remote desktop into the server where you want to swap out the SSL Certificate.
2. Copy over the Private key file and the Certificate file to a working directory on the server.
3. Open Command prompt and run "mmc"
4. Once the Console opens, Close the Command Prompt.
5. Add "Certificates"
6. Choose "Computer account"
7. Click "Next" button.
8. Confirm that "Local computer:" is chosen.
9. Click "Finish" button.
10. Click "OK" button.
11. Expand the "Certificates (Local Computer)" tree.
12. Expand "Certificate Enrollment Requests"
13. Right click the "Certificates" directory.
14. Choose "All Tasks" > "Import..."
15. Add private key file to "Certificate Enrollment Requests".
16. Click the "OK" button in the Certificate Import Wizard.
17. Close the Console.
18. Open IIS
19. Select the server.
20. Double click the "Server Certificates" icon.
21. On the right-hand menu titled "Actions", choose "Complete Certificate Request..."
22. For "File name containing the certification authority's response:" select the cert file.
23. For "Friendly name:" type "*.webcvo.net (2018-11-15)".
24. Click the "OK" button.
25. Double click the file and ensure that the Private Key and Cert are associated by checking for
 "You have a private key that corresponds to this certificate".
26. Go to the Default Web Site
27. On the right-hand menu titled "Actions", choose "Binding..."
28. Select "https".
29. Click the "Edit..." button.
30. For "SSL certificate:" choose the friendly name from step 21.
31. Click the "OK" button.
32. Click the "Close" button.
33. Confirm with any browser that the Cert has been updated.
34. Close IIS.
35. Delete the Private Key file and Certificate file.
36. Clear recycle bin.
37. Log off the server.
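
Steps 25 and 33 can also be checked from PowerShell on the server instead of by eye. The script below is an added example, not part of the original notes; the friendly name is the one typed in step 23, and the host name www.example.com is a placeholder for the site's real name. Save it as a .ps1 file and run it from an elevated prompt.

```powershell
# Added example: verify the swapped certificate from a prompt.
param(
    [string]$FriendlyName = '*.webcvo.net (2018-11-15)',  # value typed in step 23
    [string]$HostName     = 'www.example.com',            # placeholder: the site's public name
    [int]$Port            = 443
)

# Step 25: the certificate in Personal > Certificates must carry its private key.
$installed = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $FriendlyName })
if ($installed.Count -ne 1) {
    throw "Expected exactly one certificate named '$FriendlyName', found $($installed.Count)."
}
$cert = $installed[0]
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key; see certutil -repairstore."
}

# Step 33: read the certificate the HTTPS binding actually serves.
# Default validation stays on, so an untrusted chain or a name mismatch throws here.
$tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($HostName)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $tcp.Close()
}

# Report whether the served certificate is the one just installed,
# and whether it is still signed with SHA-1 (sha1RSA) rather than sha256RSA.
New-Object PSObject -Property @{
    ServedThumbprint   = $served.Thumbprint
    MatchesInstalled   = ($served.Thumbprint -eq $cert.Thumbprint)
    SignatureAlgorithm = $served.SignatureAlgorithm.FriendlyName
    Sha1Signed         = ($served.SignatureAlgorithm.FriendlyName -like 'sha1*')
    NotAfter           = $served.NotAfter
}
```

If `MatchesInstalled` is false, the "https" binding is still pointing at the old certificate.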
Signature Algorithm:             sha1RSA/sha256RSA
Crypt32.dll 5.131.3790.4905 Current
Crypt32.dll 5.131.3790.4477 from hotfix (KB968730)
Crypt32.dll 5.131.3790.5012 from KB2718704
Crypt32.dll 5.131.3790.5235 version fixes the issue
Crypt32.dll 5.131.3790.5362
http://serverfault.com/questions/606805/enabling-sha2-certificate-support-on-windows-server-2003
http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
http://stackoverflow.com/questions/4507352/sha256-not-working-even-after-hotfixes
http://support.microsoft.com/kb/2868626
http://www.microsoft.com/en-us/download/details.aspx?id=29971
http://www.vorck.com/windows/hotfixes_2003.html
http://stackoverflow.com/questions/2628468/sha2-certificates-in-windows-2003-ca
http://blogs.technet.com/b/pki/archive/2013/09/19/upgrade-certification-authority-to-sha256.aspx
Important...
http://howproblemsolution.com/fix/enabling-sha2-certificate-support-on-windows-server-2003.13040/

    certutil -repairstore my 0123456789
    To enroll an SSL Certificate
    http://support.microsoft.com/kb/295281
    http://www.networksolutions.com/support/setup-guide-nsprotect-secure-ssl-certificate/
    http://www.networksolutions.com/support/generating-a-certificate-signing-request-csr/
    Certificate Signing Request (CSR)
    mmc
    certutil.exe -dump file.p10
1. Introduction
1.1.	This documentation is on setting up SSL Certificates for websites.
1.2.	It will be useful when SSL Certificates need to be:
1.2.1.	Created, or
1.2.2.	Renewed

2.	What is a CA?
2.1.	CA means Certificate Authority. They are the ones who issue and verify your SSL Certificates.
2.2.	There are many trusted CAs. For example:
2.2.1.	GoDaddy
2.2.2.	Symantec
2.2.3.	Comodo SSL
2.2.4.	GlobalSign
2.2.5.	DigiCert
2.2.6.	Entrust
2.2.7.	NetworkSolutions
2.2.7.1.	Keep in mind that NetworkSolutions no longer supports SHA1.
2.2.8.	VeriSign, etc.

    
1.	Create a CSR (Certificate Signing Request)
1.1.	In order to obtain a signed certificate from the CA, it is necessary to submit a CSR.
1.2.	Whether you are obtaining a brand new certificate for the very first time or renewing a certificate,
       creating the CSR will output a text file, for example “SampleCertRequest.txt”. It will look something like this:

-----BEGIN NEW CERTIFICATE REQUEST-----
(base64-encoded request data)
-----END NEW CERTIFICATE REQUEST-----

1.3.	You will need to generate this from IIS.


1.	Certificates
1.1.	Zip file
1.2.	Cert return types:
1.2.1.	Network Solutions will return 4 files (4 *.crt files)
1.2.2.	GoDaddy will return 2 files (1 *.crt file, 1 *.p7b file)

    
Certificates (Local Computer)
	Personal
		Certificates
	Intermediate Certification Authorities
		Certificates
certutil -repairstore my 03AB35GC    "Serial number"


Certificates > Personal > Certificates
Certificates > Intermediate Certification Authorities > Certificates
Certificates > Certificate Enrollment Requests > Certificates