Objective: Create and certify a certificate to enable SSL encryption.
Exercise scoring
This exercise is auto-scored. There is nothing to submit to your tutor.
Instructions
This installment of the course project simulates the process required to generate a signed certificate. This certificate will allow SSL encryption
on data passing between the Web server and the Web browser. If, for example, you wished to do this for the English-collectors.com site, you could
generate a certificate, then have it signed by VeriSign, and then install it.
In the series of imagesbelow, you will take the necessary steps for generating a key pair and then getting your public key signed by a CA. After your key is signed, you will then install your public key to enable IIS to provide SSL-encrypted sessions.
1) Generate Key Pair 1
2) Generate Key Pair 2
3) Generate Key Pair 3
4) Generate Key Pair 4
5) Generate Key Pair 5
6) Generate Key Pair 6
7) Generate Key Pair 7
8) Generate Key Pair 8
9) Generate Key Pair 9
10) Generate Key Pair 10
11) Generate Key Pair 11
12) Generate Key Pair 12
13) Generate Key Pair 13
14) Generate Key Pair 14
15) Generate Key Pair 15
16) Generate Key Pair 16
17) Generate Key Pair 17
18) Generate Key Pair 18
19) Generate Key Pair 19
20) Generate Key Pair 20
21) Generate Key Pair 21
22) Generate Key Pair 22
- First, you must generate a key (i.e., unsigned certificate). You do this using the Key Manager, found in the Microsoft Management Console (MMC) shown here. This console allows you to administer IIS 5.0, among other services and applications. From the MMC, select the Key Manager icon on the toolbar. It resembles a hand holding a key.
- key_manager
- The key manager is now open. Normally, you would right-click on WWW icon, but for the purposes of this simulation, simply click on it.
- You are now seeing the first of several dialog boxes that will help you create your key. In this dialog box, you now have two options. For this simulation, you will send your key to VeriSign. The correct radio button has been chosen for you already. Now, make sure you save this key in a place you can remember. In fact, in a production setting, it would be a good idea to record this information in a secure place. You may not be able to install your certificate without this information. Enter C:\englishcollectors.txt as the location and name of the key and click Next.
- Location: C:\englishcollectors.txt
You need to give the key a name and a password. In the Key Name field, enter englishcollectors.txt. The Password field requires a strong password, because it encrypts the certificate files so you transmit them securely. Whenever you create keys, you should write down the password you use to create them. This is because you will need the password to install the certificate on your Web server when you get it back from your CA. If you don't have this password, you will not be able to install your certificate. Enter @En5L%sh for the password, then enter the exact same value in the Confirm Password field. Leave the Bit Length at 1024, and click Next.
