Install and Configure SSL Certificate on Windows Server PDF
Document Details
Uploaded by barrejamesteacher
null
Tags
Related
- Chapter 14 - 04 - Discuss PKI and Certificate Management Concepts - 08_ocred.pdf
- Certificate Stapling Explained PDF
- Chapter 15 - Data Security Controls PDF
- SSL Installation Guide PDF
- Strategic Human Resources Management: Compensation and Benefits for Private and Public Sector (2015) PDF
- Formation Vente Immobilière AJPC 2024 PDF
Summary
This document discusses installing and configuring SSL certificates on Windows Server. It provides a walkthrough of the process, from creating a certificate signing request (CSR) to assigning the SSL certificate to an appropriate website. This guide is a good resource for cybersecurity professionals working with Windows Server.
Full Transcript
Certified Cybersecurity Technician...
Certified Cybersecurity Technician Exam 212-82 Data Security Install and Configure SSL Certificate on Windows Server [P [y 0o x [ [ T LT w o e e - v o ey U SR e \ e Mo M b by - n getone mgetone P M1"A M1¢ @ Ml ¢MYe [V [y iy &8 MThe b BP -B Motnatey Comoten iy kR NFH Monatey — Ppned QA A Pesttn Pestte. T ¥PET w [ ().. S o 194 494 o Ve oo et e Phaem Shstm b (= = =) - - " A B e9 o,. [ - ) = &-~ - T i L e R o N — N e BEGIN NEW CERTIFICATE ----- DEGIN CEATIFICATE REQUEST 3 a2 € €« B 8 9 8 » #A ¥ 3s T 1EVDCCALGEAGAVEE 2 T CVDCTASOCAGAMS S ELMAKEAL ELMANGAL We w W e Amtan gy e e el ek e s e g s J4 e et el e e LA oy Pow oy [cGTuaSugEHES ST R v EU S LL) ENKBYCALUZANNS EVKBYCALUEANNZAI434383 L4 L - =— 79017 7901 Ixg o S ¢ = +/82x) 4/ 8723 /1 ’” 2. B ol =1 -P.m.o:nmomna«zn.nm«mzum.m.a:nmomna«:n.nm«mzum |1 g) (iscUsmteei) en foe il Comovven touseve P &) 1RAOIVECE) 1BARIVRCE) 3wleo 37wl - =2 /+GrcaliE nauufl €cBEIRLyLppi mnl!yupz‘mt e.. aa Pa.'Y 2" —— um:uung?vlhnnon.\mx-/: Ml'flYn’aGl)?vllAnJ'JOhADfl-/1 XE81L)Xurl KES1L)Xurl ¥y ¥ 2 e|9 4 o+ ¥BT [} ooQ F ull(alubl.l:nubll'lnl ull(aluDlJJnAUll'lnl n Install SSL Certificate et @ Gevme Geve St ey fey et by e MY /Q4TYR/0Dc/ /Q4TYR/0Dx/ €« 3 8N » 4H 9» uv § | Ty a.mnivax.:nmunxumunnxmmnuua.wumvzzmma«um a.mnivsx.:nmunxumunnxoxmnuua.wumvzzmma«um S e eyey W et e s LAACKROI 9/92/1/b0g9TkASUMK 9/92/1/b0g9 T khaluk —— — i m-b.vvm-/pxmnuumyvunzununuy:mx;::un-uuxmurflx m-b.vvm-/pxmnuumyvunzununuy:baex;uun-uuxmuren "@ lob |obeh21ukniDE 282 1uknlDE2 4NBE 4NBL bepCla £GviKT Gy KT 6/6/2Y2Y Mg IdHakuce IdHakuc ae sv NEW MEW CERTIFICATE REQUEST----- REQUEST----= o-. o Bt i it > (@] Filter: Filter: -* v Go Go -~ (5 ShowAll ElqShowAIl L Create Domain Certificate... Create Domain Certificate... 7} Issued To Self-Signed Certificate... Create Self-Signed. Name Name | Certificate... Enable Automatic Rebind of Renewed Certificate @ Help < > [ =] Features View |i_7 [=]] |(_7 Content View ~ v Ready ‘3 H Figure 15.53: Clicking on Create Certificate Request =* |In In the request certificate’s Distinguished Name Properties page, fill the following details. oo Common name: Type the domain name @]o Organization: Enter the company’s legally registered name. o Organization unit: Type the department name. o City/locality: Type the name of the city where the company is legally located. o State/Province: Type the name of the state/province where the company is legally located. oo Country: Select the name of the country where the company is legally located. = (Click Click Next after entering the details. Module 15 Page 1811 Certified Cybersecurity Technician Copyright © by EG-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Tec Technician hnician Exam 212-82 Data Security Request Certificate ? X “‘ “' Distinguished Name Properties Specify the required information for the certificate. State/province and City/locality must be specified as official names and they cannot contain abbreviations. Common name: lwww.luxurytvut:.con*] lwww.luxurytreat:.corr{ | Organization: [ecc lECC |l Organizational unit: " IIT Il | | City/locality City/locality [Leni [Lehi \] State/province: State/province: [or IUY | 1 Country/region: [us [US vv Figure 15.54: Filling Distinguished Name Properties Page = On the Cryptographic Service Provider Properties page, enter the following details. = Cryptographic service provider: From the drop-down menu, select Microsoft RSA u ser does not have a specific cryptographic SChannel Cryptographic Provider if the user provider. = Bit length: From the drop-down menu, select 2048. = (Click Next. Request Certificate li" H Cryptographic Service Provider Properties Select a cryptographic service provider and a bit length. The bit length of the encryption key determines the certificate’s encryption strength, The greater the bit length, the stronger the security. However, a greater bit length may decrease performance. h " CA d Cryptographic el service pp service [Microsolt RSA SChannel Cryptographic Provider [Miclosolt 2 v] Bit length: 2048 2048 v | Previous t Cancel \ Cryptograph ic Service Provider Properties Page Figure 15.55: Filling Details on Cryptographic Module 15 Page 1812 EG-Gouncil Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security *= On the File Name page, Specify a file name for the certificate request, browse to the location, and save the csr.txt file. Click Finish. Request Certificate ? X ' |u File Name Specify the file name for the certificate request. This information can be sent to a certification authority for signing. Specify a file name for the certificate request: — IC:\Users\Administrator.WEBSERVER\Documents\cnd.txt e == Figure 15.56: Specify a file name for the certificate request = Open the csr.txt file in a text editor, copy the complete text including the tags, and paste it on the SSL certificate provider form. = After receiving SSL certificate from the provider, install it. MIICvDCCRaQCAQAWdzEIMAKGALUEBNMCVVMxEJAQBgNVBAGTCV1IvdXITAGFOZTER MABGALUEBxMIWWS1ckNpdHkxCzAJBgNVBAsTAK1UMRowGAYDVROKEXFZb3VyQ29t cGFueSwgSWSjLIEYMBYGALUEAXMPA3d3LmV4YW1lwbGUuY29tMIIBIJANBgkghkiG SwOBAQEFAROCAQBAMIIBCgKCAQEAST7SBFFREACAXsUkZwrQka/nAlKbo+ISDANW32 +/8Rxj /KtXVddscKiWlobHGpMKPwdme JqOpQwIkIChYjSUQSpPKzdGpeccDME /ecFO J7EaQZszLvSAqdRQwZRAaekB8SmocVmd3LxEOX4VvALBOMLHVErBS /vhY£GECLIbe31 RAEbdXyHDtHk1RACIVQCEJTwBWENAD33 TvmHW7QOREFYUcad £cTJh7RvEFHS ywawx TpVEaDbZPuTgUhw7wksKNFxceGOxeTMr /+GreciHEuZ0chqg86CBPOSRIyLpp2 +RMSE mErMEYmI0E5)7TvEYaKEJUOIJtASMIs/Z27aXfS1LjXurLUOnCOQQIDAQABOARWDRYT KoZIhveNAQEFBQADggEBAKLSSgoyAYOpenrQZEvCGlizrK1kS3D8JInAiPINHE]B /qdTYR+/8Dr/hMcwwUSThGAVEEe8eMkketUNWAdAPZSCS04Ts2z+ENEDOBGAOFc4rw ixTvbl5vSXe3shGijRGIzzHVGRoORIr TxQt IuMaDAr3xl1VEjHbevZTcpX0KbgeHL1G NLA4CXsOI4KGWwu4FX£SzJECb3gEJD8HaMPEBVEBexr5G0owv/g/92/1/b0g97kAcUwk MZeDsvPhMx/pENGbnLPed XMy 7NPiEdzFna¥YtUy2BDcXJ3ZQEWXRWK1ERGgS/YeWI ob£5ziuNmlDE24NBtScpCNzEGviKT 6/ RYEfWg3dMaKxe= Figure 15.57: SSL certificate Module 15 Page 1813 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Step 2. Install SSL Certificate = Save the SSL certificate sent by the SSL certificate provider. * From Windows start menu, type Internet Information Services (IIS) Manager and open it. = |nInthe the new IIS Manager window’s Connections menu, navigate to and click on the server name. W Internet Information Services (11S) @3 (1IS) Manager - (m] o Xb €(€ 5 93 |93 WEBSERVR » WEBSERVER @ W @ e- File View Help Q-2 18 @) Cfl WEBSERVER Home o — &3 vStart o§j Start Page Page | Filter: *S r— -- \y)Show ¥ Go & ShowAll ANl 5 &S< Restant Restan. 9] WEBSERVER (WEBSERVER\Ad\ Mappings Redirect Respon... Respen... 2|, 8® ~A Stop oo ?{ w“. “ EI El IF J’F View Application Pools ISAPland ISAPIFilters Logging MIME Types Type: View Sites CGI Restri... Restri.. Change NET Framework d fl 1 o P s Version :’!‘"‘ :f" o Q- LV LoV ©@ Get New et New Web Web Platform Platform Modules Output Request Server Components Caching Filtering | Certificates Centificates © - v 23 Worker Processes bbt. < Ready | D v comte N (.“, Content View €. Ready ‘i Figure 15.58: Selecting the Name of the Server = On the server’s Home page (central pane) in IIS section, double-click Server Certificates. = In|n the right pane’s Actions menu, click Complete Certificate Request link. (IS) Manager ) Internet Information Services (IIS) o=- o =) X & & | |63,» WEBSERVER 8] WEBSERVER »» w ot@e- @w File View Help === oL\ e 818 @3 ‘#f sServer erver erver Certificat Certificates Certificates S — | W3 Start Page PR :-';‘- Staet Page Use Use this feature to request and manage certificates that the Web Create Creste Certificate Reguest Request vv N3M3 WEBSERVER WEBSERVER (WEBSERVER\AI (WEBSERVERVAI || ,o1ver ,orver can can use with websites use with websites configured configured for SSL. for SSL. Request I Complete Certificate Request, ] o Ready ‘i R 6. Figure 15.59: Clicking on Complete Certificate Request Module 15 Page 1814 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security = |n the Complete Certificate Request window, fill the following details o File name containing the certification authority’s response: Browse and select the saved SSL certificate sent by the SSL certificate provider. o Friendly name: Enter a friendly name for the certificate in order to identify it. o Select a certificate store for the new certificate: From the drop-down menu, Select Web Hosting. = (Click OK. Once the SSL certificate is successfully installed, assign tit to the appropriate Click website. Step 3. Assign SSL Certificate = From 1IS IS Manager’s Connection menu, select the name of the server on which the SSL certificate was installed, then select the site on which the user wants to use the SSL certificate. = On the home page of the website, click the Bindings link under Edit site section of the Actions menu. '5 Internet Information Services (IIS) Manager — aO X (& f& (& » WEBSERVER » Sites » &=t & st @- File View Help Connections. Actions Q- — C-ld |28&, |2 e'il s? Sites @ @ Add Website... Add Website... r,\ 3 Start Page W3 Set Website Defaults... v 95 WEBSERVER e e = (WEBSERVER\ADI | _ Filter: (WEBSERVER\AG{ e o A= v Go SAR ~ \\s1Show z1 S h o w Show R All — g gP ||g Add FTP Site... L} Application Pools 1} Name D Status Binding h g> Set FTP Site Defaults... >> @, Sites