SharePoint Extranet Solutions with ISA Server 2006 – Part 5: Installing a Stand-alone root CA

In part three we created an Alternate Access Mapping http://dmz.extranet.sharepointnotes.local/, and assigned them the public URL https://extranet.sharepointnotes.local.  This implies that our Extranet solution must support SSL from the client to the ISA Server, so let’s install the Stand-alone CA so we can issue some certificates:

1. The Cerficate Services are installed through Add/Remove Programs (Start -> Control Panel -> Add or Remove Programs)
2. Click Add/Remove Windows Components
3. Select Cerficate Services (remember to select both Certificate Services CA and Certificates Services Web Enrollment support)
4. Click Yes to continue and then Next
5. Select Stand-alone root CA and click Next
6. Enter the Common name for this CA and click Next 
7. Select where to place the Certificate Database files and click Next
8. Click Yes to stop the Internet Information Services 
9. If prompted, select Yes to enable ASP
10. Click Finish

Next, Let’s issue some certificates to extranet.sharepointnotes.local:

1. Point your browser to http://localhost/certsrv
2. Select Request a certificate
3. Submit an Advanced certificate request
4. Select Submit and submit an request to this CA
   • Name: the public name of the web site (extranet.sharepointnotes.local)
   • Type of Certificate Needed: Server Authentication Certificate
   • Mark keys as exportable
   • Store the certificate in the local computer store
   • Friendly Name: same as Name
5. Hit Submit
6. Select Yes to request a certificate
7. To issues the pending certificate, start Certification Authority (Start -> Administrative Tools -> Certification Authority)
8. Select Pending Requests
9. Right click the certificate and select All Tasks -> Issue
10. Point your browser once again to http://localhost/certsrv
11. Click View the status of a pending certificate request
12. Click the server certificate link
13. Select Install this certificate and Yes to confirm
14. The certificate is now installed in the Personal certificate store of the local computer

Export the certificate (skip this part if the certificates are already installed on the ISA Server):

1. Start a MMC console (Start -> Run -> mmc)
2. Add/Remove Snapp-in (File -> Add/Remove Snapp-in)
3. Click Add
4. Select Certificates and click Add
5. Select to manage the Computer account and click Next
6. Select to manage the Local computer and click Finish
7. Click Close and OK
8. Navigate to Personal Certificates (Console -> Certificates -> Personal -> Certificates)
9. Right click the certificate created above and select All Tasts -> Export
10. In the Certificates Export Wizard click Next
11. Export the private key and click Next
12. Make sure Include all certificates in the certification path if possible and Enable strong encryption is selected and click Next
13. Enter and confirm a Password and click Next
14. Select a path and file name and click Next
15. Click Finish and OK 
16. Copy the certificate file to the ISA Server

Import the certificate (skip this part if the certificates are already installed on the ISA Server)

1. On the ISA Server, perform steps 1 to 7 in the Export-section above
2. Navigate to Personal (Console -> Certificates -> Personal)
3. Right click Personal and select All Tasks -> Import
4. In the Certificates Export Wizard click Next 
5. Change the file type filter to All Files and browse to the location where the certificate is stored. Select the certificate and click Open and Next 
6. Enter the password if the certificate is password protected and click Next
7. Make sure the certificate is placed in the Personal certificate store and click Next
8. Click Finish and OK