InCommon Server Certificates
Posted by Gabe Moliken on 19 November 2013 04:12 PM

InCommon Certificate Manager - https://cert-manager.com/customer/InCommon

 

  • Select ‘Certificates’ tab
  • Click ‘Add’ button
  • “Request New SSL Certificate” – paste CSR text into “CSR” box to autofill most fields
    • Common Name = server name
    • Type =
      • InCommon SSL (single server/site)
      • InCommon Wildcard SSL Certificate (wildcard cert)
      • InCommon Multi Domain SSL (Add’l SubjAltNames)
    • Organization = Ursinus College
    • Department = Any
    • External Requester = N/A, Can be left blank
    • Server Software = Microsoft IIS v5.x and later (for most installs)
    • Certificate Term = 1 year or 2 years
    • CSR = copied text from server certificate request wizard
  • After request is complete, the new certificate will be added to the list with a status of “Requested”
  • Select the certificate radio button and click ‘Approve’ – Status will change to ‘Applied’
  • Email from Certificate Services Manager will have links for certificate download
    • Use “as X509 Certificate only, Base64 encoded:” link
  • Return to IIS and complete certificate request
  • Edit https binding to new certificate

 

Exchange01 – New wildcard certificate

  • Create certificate request through IIS (not Exchange shell – the shell does not handle wildcards properly)
    • *.ursinus.edu / Ursinus College / Information Technology / Collegeville / PA
  • Get key from InCommon
  • Complete Certificate Request through IIS
  • From Exchange shell:
    • Get-ExchangeCertificate | fl (this will list all certificate requests and active/expired certificates) – need thumbprint of new certificate
    • Enable-ExchangeCertificate -Thumbprint 3362acfb50ef51272639957673916703aabba0444 -Services "smtp,iis" (may have to run this command a second time and restart IIS a second time if the first time doesn’t work)
    • Restart IIS
    • Check for certificate in MMC / Certificates (local computer)\personal\certificates
      • Make sure private key corresponds to certificate

 

Gummi – New Multi Domain Certificate - Must update SQL Reporting Services

  • Start -> Programs -> SQL 2008 -> Configuration Tools -> Reporting Services Configuration Manager
  • Need to update certificate in 2 places:
    • Web Service URL
    • Report Manager URL
  • Advanced button
  • Edit button in ‘Multiple SSL Identities for Report manager’
  • Drop down menu in ‘Certificate’
  • Select new certificate.

 

Webserv3 - New Multi Domain Certificate

  • Add SubjectAltNames for ursinus.edu and www.ursinus.edu

 

Knute – New SSL Certificate

  • From command prompt:
    • C:\ssl> certreq -new request.inf knute.req
      • Request.inf should already exist in folder
      • Will create a file named knute.req that includes the key to provide to Entrust
    • Copy key and create new cert in Entrust
    • Save Entrust key as *.cer file
    • C:\ssl> certreq -accept *.cer
  • MMC > Certificates > Computer account > local computer > personal
    • New cert should be there.

 

Zack2 - New Multi Domain Certificate - Need to get the unencrypted Private Key for EZproxy. 

 

USE THIS TO UNENCRYPT THE PRIVATE KEY:

 

http://nl.globalsign.com/en/support/ssl+certificates/microsoft/all+windows+servers/export+private+key+or+certificate/

 

 

 

FIRST, CREATE THE PFX FILE:

 

  • Go to mmc certificates.
  • On new cert, all tasks -> export
    • Yes, export private key
    • Include all certificates in the certification path
    • Export all extended properties

 

SECOND, EXPORT THE PRIVATE KEY FILE FROM PFX FILE

 

  • Run - openssl pkcs12 -in filename.pfx -nocerts -out key.pem

 

THIRD, EXPORT THE CERTIFICATE FROM THE PFX FILE

 

  • Run - openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

 

FOURTH, REMOVE THE PASSPHRASE FROM THE PRIVATE KEY

 

  • Run - openssl rsa -in key.pem -out server.key
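
The four steps above leave a passphrase-free server.key next to cert.pem. As an added example (not part of the original article), this script checks that the two files belong together before they are pasted into EZproxy and restricts the key file to its owner; the function names are hypothetical, and make_sample only builds constructed throwaway data.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. File names cert.pem and
# server.key follow the steps above; all function names are hypothetical.

# Print the public key (PEM) contained in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public key derived from a private key. "-passin pass:" supplies an
# empty passphrase, so a key that is still encrypted fails instead of prompting.
key_pubkey() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# Return 0 if the key belongs to the certificate, 1 if it does not,
# 2 if either file cannot be read (wrong format, still encrypted, missing).
key_matches_cert() {
  local from_cert from_key
  from_cert=$(cert_pubkey "$1") || return 2
  from_key=$(key_pubkey "$2") || return 2
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# The key has no passphrase protecting it, so restrict it to its owner.
lock_down_key() { chmod 600 "$1"; }

# Constructed sample data: a throwaway self-signed certificate with its key,
# plus an unrelated key that must NOT match.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
    -keyout "$1/server.key" -out "$1/cert.pem" 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: bash <this script> cert.pem server.key
if [ "$#" -eq 2 ]; then
  if key_matches_cert "$1" "$2"; then
    lock_down_key "$2" && echo "OK: $2 matches $1"
  else
    echo "MISMATCH or unreadable input: do not import" >&2
    exit 1
  fi
fi
```

Once the import into EZproxy has succeeded, remove key.pem, server.key and the PFX file from the working directory, since each of them contains the private key.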

With the unencrypted private key and Entrust server cert, log in to http://zack2.ursinus.edu:2048/ssl

  • Username/password is in the user.txt file
  • Click import existing ssl certificate
  • Paste server cert and private key
  • Click import certificate
  • Paste chain certificate 

 

IIS7 –

 

  • Launch IIS Manager
  • Highlight top level (server name)
  • Select ‘Server Certificates’ from the IIS group in right pane
  • In Actions pane, select “Create Certificate Request”
    • *.ursinus.edu / Ursinus College / Information Technology / Collegeville / PA
  • Copy text from the text file listed in the wizard (e.g. c:/certreq.txt)
  • Complete Certificate Request from InCommon
    • When done, have to Edit Bindings on Default Web Site to use new cert

IIS6 –

  • Launch IIS Manager
  • Expand Websites
  • Go to Properties of the
  • Directory Security tab -> Server Certificate button -> complete wizard to renew certificate
  • Copy text from the text file listed in the wizard (e.g. c:/certreq.txt)
  • Complete Certificate Request from InCommon
  • With the new certificate, run the Server Certificate wizard again to complete process.