⚠️ This page has been archived

✅ New page with updated info: ssw.com.au

Home > Archive > StandardsInternal > DeveloperGeneral > HTTPS Guide

Step 1 - Generate a Key Pair containing a CSR (Certificate Signing Request) with IIS

All the key generation and certificate installation procedures for IIS5 are handled by a Certificate Wizard. You access the IIS5 Certificate Wizard by going into
IIS > Website > Website Properties > Directory Security > Server Certificate.

The Certificate Wizard generates two files:

a. A text file, called the CSR (Certificate Signing Request), which is sent to Thawte. The CSR file is saved to your hard drive. The CSR file is the public portion of the private/public key pair and is sent back to you as a certificate file, once Thawte has issued your SSL certificate.

b. A NET format file, which is your private key. The private key is not accessible through this interface, and is not visible to the user. Thawte does not handle the private key at all and is therefore not responsible for its management. If you lose the private key, or the password used to protect it, you will need to buy a new certificate. Please be sure to make a backup copy of the private key file and save it in a secure location. You must also remember the password used to protect the private key file (or document the password in a safe place). The password is the one you would have specified during the request process.

Please note that for IIS5 you cannot backup the private key until the certificate has been installed.

You’ll find a step-by-step key generation guide for IIS5 at: http://www.thawte.com/certs/server/keygen/msiis5/msiis5.html

Step 2 - Request Certificate

Go to www.thawte.com and register for a 128 bit "super certificate".

You will need to enter:
CSR (see instructions above)
Contact details
Credit card details
Proof of domain ownership
Proof of company ownership (a company registration certificate for instance)

Detailed instuctions can be found here - https://www.thawte.com/cgi/server/step1.exe

Step 3 - Download Certificate

They will take 2-4 days to check this.
Once the certificate has been issued, you will be able to download it from your personal status page by clicking on the “Fetch Certificate” button (which only appears once the certificate has been issued).

Step 4 - Configure IIS5

Step 1 - Open up the IIS Certificate Wizard
Step 2 - Request Certificate
Step 3 - Download Certificate
Step 4 - Configure IIS5
insert new IIS instructions here

Detailed instuctions can be found here - http://www.thawte.com/support/server/msiis/msiis5_install/msiis5.html

Before doing this you should try installing a Test Certificate

To familiarize yourself with the workings of a Thawte certificate on IIS5 you can configure a test certificate on your web server as follows:

a. Generate the private key and CSR files:
Use the IIS5 Certificate Wizard to generate your public/private key pair. You must not use the same CSR to request a TEST certificate and a Trusted certificate. IIS5 is not able to replace the TEST certificate.

b. Generate a test certificate:
Go to https://www.thawte.com/cgi/server/try.exe and paste in your CSR (Certificate Signing Request). Within minutes, you should receive an “un-trusted” test certificate in email. Save it to a file called “testcert.crt”. You can get your browser to “trust” that test certificate by clicking on http://www.thawte.com/servertest.crt and installing the Test Certificate CA (Certificate Authority) root.

c. Install the test certificate:
Install the certificate using the Server Certificate Wizard which you’ll find in the Directory Security tab. Remember that with IIS5 you cannot use the same CSR to request both a TEST certificate and a trusted certificate, so make sure that you are able to recognize that this request will be used for testing purposes only. Make sure that port 443 is enabled in the website Properties before you try to access the website over SSL. As soon as you are able to access your website using the “https://” prefix and view the TEST certificate successfully, you can proceed to the next step.

Securing virtual hosts

If you have secure virtual hosts, each will need its own IP, as SSL does not support name-based virtual hosts.

Using HTTPS on SSW Web Page

All you need to do is to set the a href tag to HTTPS:// instead of HTTP:// when you want to use secure server. Only use HTTPS when you need the link to be secure as it is slower then the normal HTTP.

eg. <a href=" HTTPS ://www.ssw.com.au/shop/basket.aspx">Basket</a>

Useful URLs

Common problems experienced with IIS are dealt with in our FAQs: http://www.thawte.com/support/server/iisdoc.html .

You’ll find a key generation guide for IIS4 at: http://www.thawte.com/certs/server/keygen/iis4.html
The certificate enrollment process for SSL and SuperCerts begins at: https://www.thawte.com/certs/server/request.html
How to generate a test certificate: https://www.thawte.com/cgi/server/try.exe
Installing the test certificate CA root into your browser: http://www.thawte.com/servertest.crt