RE: can I create a new certificate on ISA 2004/SBS 2003

Hi Tommy:
Thank you for posting here.

>From the description, I understand that you want to create a new
certificate for your additional SSL web site. If I have misunderstood you
concern, please do let me know.

Generally speaking, by default the SSL website such as OWA/RWW is bound to
the predefined certificate issued by the CEICW Wizard. You can use the same
certificate for your additional SSL website. Based on my knowledge, if you
do want to issue a new certificate for multiple SSL sites, you can perform
the following steps to do so:

1. At the SBS machine, click Start and point to Administrative Tools. Click
Internet Information Services (IIS) Manager.

2. In the left pane of the Internet Information Services (IIS) Manager
console, expand the Web Sites node and click the SSL Web Site. Right click
it and click Properties.

3. On the Web Site Properties dialog box, click the Directory Security tab.

4. On the Directory Security tab, click the Server Certificate button in
the Secure communications frame.

5. On the Welcome to the Web Server Certificate Wizard page, click Next.

6. On the Server Certificate page, select the Create a new certificate
option and click Next.

7. On the Delayed or Immediate Request page, select the Send the request
immediately to an online certificate authority option and click Next.

8. On the Name and Security Settings page, accept the default settings and
click Next.

9. On the Organization Information page, enter your organization's name in
the Organization text box and your Organizational Unit's name in the
Organizational Unit text box. Click Next.

10. On the Your Site's Common Name page, enter the common name of the site.
The common name is the name that external and internal users will use to
access the site.

11. On the Geographical Information page, enter your Country/Region,
State/province and City/locality in the text boxes. Click Next.

12. On the SSL Port page, accept the default value, 443, in the SSL port
this web site should use text box. Click Next.

Note: If you only have single public FQDN, you may need to change the SSL
port to a new one such as 442 since the default web site occupies the port
443.

13. On the Choose a Certification Authority page, accept the default
selection in the Certification authorities list and click Next.

14. Click Finish on the Completing the Web Server Certificate Wizard page.

Notice that the View Certificate button is now available. This indicates
that the Web site certificate has been bound to the Web site and can be
used to enforce secure SSL connections to the Web site.

Click OK in the Web Site Properties dialog box.

After doing that, the new certificate is bound to the SSL web site and you
may use either ISA Server or RRAS to publish this SSL web site.

Hope the above information helps, please feel free to let me know if there
is anything I can do for you.

Have a nice day! :-)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: can I create a new certificate on ISA 2004/SBS 2003
| thread-index: AcXYLXiAb8XFbRCwRkaxjv9muxrbbw==
| X-WBNR-Posting-Host: 220.234.174.46
| From: "=?Utf-8?B?VG9tbXk=?=" <Tommy@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: can I create a new certificate on ISA 2004/SBS 2003
| Date: Sun, 23 Oct 2005 16:57:05 -0700
| Lines: 5
| Message-ID: <E8EE5E71-5499-422D-A052-B94A0BBB7D97@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:163814
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I notice that the icw wizard has created the certificate for me. If i
don't
| want to use this one, can i create a new certificate for SSL site? Thank
you
| for any guidance.
|
| Tommy
|

.

Loading