TLS on Windows: Setting Up Digital Certificates
Perform the following tasks to set up digital certificates
for TLS:
Step 1. Configure TLS
Complete information about configuring your Windows operating environment for TLS is contained in the Windows installation documentation and at
www.microsoft.com.
The following keywords
might be helpful when searching the Microsoft website:
-
digital certificate services
-
digital certificate authority
-
digital certificate request
-
site security planning
Step 2. Request a Digital Certificate
Methods of Requesting a Digital Certificate
The method of requesting a digital certificate depends on the CA that you use:
Request a Digital Certificate from the Microsoft Certificate Authority
Perform the following
tasks to request digital certificates that are issued by the Microsoft
Certificate Authority:
-
System administrator: If you are running your own CA, use Microsoft Certificate Services to create an active Certificate Authority (CA).
-
User:
-
Use the Certificate Request wizard to request a digital certificate from an active enterprise CA. The Certificate Request wizard lists all digital certificate types that the user can install.
-
Select a digital certificate type.
-
Select security options.
-
Submit the request to an active CA that is configured to issue the digital certificate.After the CA issues the requested digital certificate, the digital certificate is automatically installed in the Certificate Store. The installed digital certificate is highlighted, as shown in the following display:Digital Certificate Installation in the Certificate Store
-
Request a Digital Certificate from a Certificate Authority That Is Not Microsoft
Users should perform
the following tasks to request digital certificates that are not issued
by the Microsoft CA:
-
Request a digital certificate from a CA.
-
Import the digital certificate to a Certificate Store by using the Certificate Manager Import wizard application from a web browser.A digital certificate can be generated by using the Certificate Request wizard or any third-party application that generates digital certificates.Note: The Windows operating environment can import digital certificates that were generated in the UNIX operating environment. To convert from UNIX (PEM format) to Windows (DER format) before importing, see TLS on Windows: Converting between PEM and DER File Formats for TLS.
For details about importing
existing digital certificates, see Import a Digital Certificate to a Certificate Store.
Import a Digital Certificate to a Certificate Store
Digital certificates
that were issued by a Certificate Authority that is not Microsoft
can be imported to an appropriate Certificate Store as follows:
|
Certificate Type
|
Certificate Storage
Location
|
|---|---|
|
Client
|
Personal Certificate
Store or Machine Certificate Store
|
|
Server
|
Personal Certificate
Store or Machine Certificate Store
|
|
CA (self-signed)
|
Trusted Root Certificate
Authorities
|
Perform the following tasks to import a digital certificate to your Personal Certificate
Store:
-
Access the Certificate Manager Import wizard application from your web browser. From the
Toolsdrop-down menu, select Internet Options.Then select the Content tab, and click Certificates.Specify the digital certificate to import to the Personal Certificate Store by selecting the Personal tab in the Certificates window, as shown in the following display:Digital Certificate Selections for a Personal Certificate Store
-
Click Import and follow the instructions to import digital certificates.Repeat this task in order to import the necessary digital certificates for the CA, the server, and the client, as appropriate.Note: You can now import a digital certificate to the Machine Certificate store as well as to a Personal Certificate store.
-
After you have completed the selections for your personal Certificate Store, select the appropriate tab to view your selections.
-
To view the details about a digital certificate, select the digital certificate and click View. Typical results are shown in the following display:Digital Certificate Details Tab
Copyright © SAS Institute Inc. All Rights Reserved.