Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The UW Services CA's root certificate can be obtained a couple of ways. Use the root installation page to install it directly into a web browser. Visit the certs.cac.washington.edu UWCA site website to obtain it in PEM or DER format.

...

  1. Verify your system has the UW Services CA root installed.
  2. Log on to your Windows server as Administrator.
  3. Start the IIS Internet Services Manager.
  4. Display your web site properties.
  5. Select Directory Security > Server Certificate to run the Web Server Certificate Wizard.
  6. Select "Create a new certificate", click Next.
  7. Select "Prepare the request now, but send later", click Next.
  8. Type in any simple name (e.g. "MyExampleUWSCAcert") for the certificate, 1024 is a good bit length, click Next.
  9. Type in Organization = "UW", Organization Unit = "" (actual text doesn't matter), click Next.
  10. Type your full DNS name for the Common Name, to conform to our DN policy.
  11. Select US for Country, type in "Washington" for state, and "Seattle" for city, click Next.
  12. Save the certificate request to a file (e.g. c:\certreq.txt).
  13. Finish the IIS Certificate Wizard.
  14. Open the certificate request file (e.g. in Notepad).
  15. Select the contents and copy it to the clipboard.
  16. Start a web browser, go to the UW Service CA web site (certs.cachttps://iam-tools.u.washington.edu) and select the link for requesting a certificate; you'll have to /cs/), log in with your UW NetID, and select "New UWCA certificate".
  17. Choose the PEM method as you walk thru the request process.
  18. Paste the contents of your certificate request file (e.g. c:\certreq) into the textarea "CSR" text field and submit your request.
  19. Wait for email acknowledging that your certificate has been issued.
  20. Go back to the UW Services Service CA web site, manage your requests, select the sequence number corresponding with your current request from the list of Favorites, and retrieve the certificate.click "Get PEM" or "Get PKCS 7" from the details display to the right.  
  21. Copy, paste, and save the PEM certificate into a new file (e.g. c:\certfile.txt).
  22. Return to the Web Server Certificate Wizard.
  23. Process the pending request to install the new certificate (e.g. c:\certfile.txt).

Certificate requests using the Active X method

To request a certificate for use with IIS using the Active X method:

Compatibility Warning: The UW Services CA's Active X request method isn't compatible with recent versions of the Windows operating systems (Windows Vista and newer, Windows Server 2008 and newer). Use the Web Server Certificate Wizard method described in the previous section.

Note: the following instructions were tested on a Windows 2000 Server SP4, with Internet Explorer 6.0.2800.1106, and all critical updates as of 29 Apr 2004. Be sure your system has all critical Windows updates and IE updates installed by visiting Windows Update.

  1. Verify your system has the UW Services CA root installed.
  2. Log on, as Administrator, to the Windows Server you want to install the certificate on.
  3. Start Internet Explorer, go to the UW Services CA web site (certs.cac.washington.edu), and select the link for requesting a certificate; you'll have to log in with your UW NetID.
  4. Choose the Active X method as you walk thru the request process.
  5. Enter your DNS name, say what the cert is for, leave all other settings on page as is, then click the "Generate the request" button.
  6. Answer a dialog box that you want to accept the certificate.
  7. Answer OK you want to create a new key (security=medium), and a certificate request will be generated and sent to the UW Services CA.
  8. Wait until you receive email confirmation saying your certificate request has been approved.
  9. Start Internet Explorer, go to the UW Services CA web site and select the link for managing your requests. Note: you must be running IE on the same machine you performed the Active X certificate request.
  10. Click on the request number of the certificate to retrieve.
  11. Verify the info matches the certificate you requested.
  12. Click on the "Retrieve this certificate" link at the bottom of the page.
  13. Click on the "Get the certificate using ActiveX" link on the page.
  14. You will see a popup dialog that the site is adding a certificate to your computer. Click Yes.
  15. You will see a dialog indicating "your certificate is installed". Click OK
  16. Run the Web Server Certificate Wizard for the same web site you requested the certificate for.
  17. Select "Assign an existing certificate". Click Next.
  18. Choose the certificate you just retrieved from the UW Services CA. Click Next. Click Next. Click Finish.

Certificate requests on Windows without using IIS

See Obtain a Certificate on Windows 2008 (without using IIS).Beginning with Windows Vista and Server 2008,  the UW Services CA's Active X request method no longer works.  It was retired October 2016.

Certificate requests on Windows without using IIS