I needed to take a short break from my blog series about using SSL with IIS 6 in order to work on some other projects, but I wanted to finish the series by giving you a few appendices that give you some additional details that you might want to know if you are using SSL with IIS 6.

In this first appendix, I'll discuss how to install Certificate Services for Windows Server 2003. Installing Certificate Services will allow you to have your own Certificate Authority (CA), and thereby you will be able to issue certificates for your organization. It should be noted that Internet clients that are not part of your organization will not inherently trust your certificates - you will need to export your Root CA certificate, which I will describe in a later appendix for this blog series.

There are four different configurations that you can choose from when you are installing Certificate Services:

Enterprise root CA Integrated with Active Directory
Acts as the root CA for your organization
Enterprise subordinate CA Integrated with Active Directory
Child of your organization's root CA
Stand-alone root CA Not integrated with Active Directory
Acts as the root CA for your certificate chain
Stand-alone subordinate CA Not integrated with Active Directory
Child of your certificate chain's root CA

Note: More information about these options is available at http://technet.microsoft.com/en-us/library/cc756989.aspx

For this blog, I will discuss setting up a Stand-alone root CA.

  1. Run the "Windows Component Wizard" in "Add/Remove Programs", choose "Certificate Services", and click "Next":

  2. Click "Yes" when prompted to continue:

  3. Accept the defaults, then click "Next":

  4. Enter all requested information, then click "Next":

  5. Accept the defaults for the data locations and click "Next":

  6. The wizard will step through installing the services:

  7. When the wizard has completed, click "Finish" to exit the wizard:

That wraps up this blog post. In my next post I'll discuss obtaining the root certificate for your certificate server so you can install it on a client computer or an IIS server; this will allow other computers to trust the certificates that you issue.