Manually creating a Certificate Request Windows Server 2012 Essentials (Essentials R2 & SBS 2011)
February 6, 2013 11 Comments
Again i have blogged on that before, and the new Essentials 2012 wizard makes the process a lot lot easier. However if you get stuck with generating a CSR (Certificate Signing Request) then you can always use IIS to do this for you.
Loading up IIS we can find Server Certificates.
On the right hand side you have the option to Create a Certificate Request, and inside here we have a form to fill out our details. The common name field is the name we will use to address our site over the internet.
On the next page set the key length to 2048, and then click next to save the file.
I will then paste the content of my CSR file into the website of my Certificate Authority (your CA may vary)
Once the CA has carried out it’s verification checks they will issue your certificate.
In some cases this will be text inside an email, it may be in the form of a file you download, or a collection of files that are emailed to you.
In this particular case i received a zip file.
Inside the zip file you can see i have a txt file with instructions and a CER file, which is the CAs response file, to my CSR. I need to use this file in IIS to complete the Certificate installation process.
I have also seen this response file be named CRT, but what is important to know is that the file extension is not that relevant, the contents of the file is what is important, and these files can be read with any text editor like Notepad.
As i said this could just be text in an email, which you can save into a file with a .cer or .txt extension.
So we get this file over to our Server, and we can chose to ‘Complete Certificate Request’, you will then need to point to the file that they sent you and enter a friendly name.
The friendly name is just an identifier used within IIS or the Certificates MMC to help identify a particular cert. The friendly name can be anything you like.
Once the install has completed you will see your certificate listed.
You can then right click on this and choose Export, and enter a path and password to export your certificate out to a PFX file.
It is this PFX file we can then use to install our Certificate with the Essentials wizard.
On SBS 2011 Essentials, using your own pre-existing Certificate presented a challenge, and required a special installation process.
On 2012 Essentials the wizard is actually redesigned and you can very easily use your own existing Certificates.
This flow chart, should help guide you through to the right place in the wizard. (Click to enlarge)
The process to export out a certificate to a PFX file, and import it using the Anywhere Access wizard, can also be used when you need to renew your certificate, or if you have problems with the Remote Desktop Gateway Service using an incorrect SSL Certificate.
It will also work on Essentials 2012 R2.