To install the .pb7 cert from signed by Safaricom:

a.  Click Start, and then click Run.

b.  Type mmc, and then click OK. The Microsoft Management Console (Console) window opens.

c.  In the Console1 window, click the File menu, and then select Add/Remove Snap-in.

d.  In the Add or Remove Snap-in window, select Certificates, and then click Add:

cert-addin-snapin

 

e.   In the Certificates snap-in window, select Computer Account, and then click Next

f.    In the Select Computer window, select Local Computer, and then click Finish.

g.   In the Add or Remove Snap-in window, click OK.

h.   In the Console1 window, click + to expand the folder.

i.    Right-click Trusted Publishers, mouse-over All Tasks, and then click Import

certimportwizard-openfile

j.    In the Certificate Import Wizard window, click Next.

k.   Click Browse to find the .pb7 certificate file.

l.    In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the {Microsoft IIS (*.p7b)} file       located on your local machine and then click Open.

m.  In the Certificate Import Wizard window, click Next.

n.   Select Place all certificates in the following store, and then click Browse

cert-import2nd

o.   In the Select Certificate Store window, select Trusted Publishers, and then click OK.

p.   In the Certificate Import Wizard window, click Next.

q.   Click Finish.

cert-finish

r.   Click OK.

s.  Close the Console1 window, and then click No to remove the console settings.

 

Continuation….

a.   To install the certificate, click Start, mouse-over Administrative Tools, and then click Internet Services Manager.

b.    In the Internet Information Services (IIS) Manager window, select your server.

c.    Double-click Server Certificates.

d.    From the Actions panel on the right, click Complete Certificate Request…. To locate your certificate file, click ….

e.    In the Open window, select *.* as your file name extension, select your certificate (it might be saved as a .txt, .cer, or .crt),               and then click Open.

f.     In the Complete Certificate Request window, enter a Friendly name for the certificate file, and then click OK.

g.    In the Internet Information Services (IIS) Manager window, select the name of the server where you installed the certificate.

h.    Click + beside Sites, select the site to secure with the SSL certificate.

 

i.     In the Actions panel on the right, click Bindings….Click Add….

siteb1

j.    In the Add Site Binding window:

siteb2

k.   For Type, select https.

l.    For IP address, select All Unassigned, or the IP address of the site.

m.  For Port, type 443*. (your https port)

n.   For SSL Certificate, select the SSL certificate you just installed, and then click OK.

o.   Close the Site Binding window.

p.   Close the Internet Information Services (IIS) Manager window.

q.   Your SSL Certificate is installed. Visit your HTTPS website  to verify the installation.

 

Introduction

The certificate signing request stores encoded information that is used to create an SSL certificate. A CSR can be generated using openssl or key tool

 

Generating a CSR using Openssl

Generate the CSR and private key using the following command and fill in the requested fields as specified.

            openssl req -out yourcsrname.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key –new –sha512

 The following fields must be populated with valid and verifiable information:

  • Common Name= FQDN of hosting server using standard notation. If you don’t have a common name you can use “your organization name”.com
  • Organization Name= Business Name as recognized by Safaricom
  • Locality= Region where the organization is located
  • State / Province= Province/County
  • Country = Country of registration of the organization(Two letters e.g. KE)
  • Minimum Key Size is = 4096 bits

N/B:

The private key (privateKey.key) will be stored in the same folder. You can save it to your preferred safe location. You will use it during the certificate installation.

Check for errors on csr before submitting for signing. (How To Check For Errors In CSR)

 

Generating a CSR using Keytool

a.  Create a new keystore and Key Pair while on elevated privileges.

           keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 4096

Proceed to fill in the details as below:

  • First & Last Name is the domain Name for SSL Certificates e.g. server.com
  • Organizational Unit e.g. a department
  • Organization e.g Safaricom
  • City / Locality e.g Nairobi
  • State / Province e.g Nairobi
  • Country Code e.g US (2 Letter Code)

b.   Confirm or reject the details by typing “Yes” or “No” and pressing Enter

c.   Generate a CSR based on the new keystore:

          keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr

d.   Check for errors before submitting your CSR for signing. (How To Check For Errors In CSR)