The following site systems require Web server certificates when a Configuration Manager 2007 site is configured for native mode:
- Management points (default management point, proxy management point, network load balanced management point, and Internet-based management point)
- Standard distribution points (servers and shares) that are configured with the option Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS (required for device clients and Internet-based clients).
- Software update points
- State migration points
Note |
---|
Branch distribution points do not require a Web server certificate. However, they do require a client certificate. |
Deploying the Web server certificates is a two-step process:
- Install the Web server certificate on the server.
- Configure Internet Information Services (IIS) to use the Web server certificate.
Installing the Web Server Certificate on a Server
There are a number of ways that you can install the Web server certificates, including the following methods:
- If you are using a Microsoft public key infrastructure (PKI) with an enterprise certification authority, you can create the certificates based on the Web server template and assign them to the servers using Group Policy and auto-enrollment.
- If you are using a Microsoft PKI with Web enrollment that supports storing certificates into the local computer store, you can request a Web server certificate from each server by using the Web enrollment pages.
- You can request the certificate from each server by running a wizard in Internet Information Services (IIS). For example, if you are using IIS 7.0 on Windows Server 2008, select Server Certificates from the home page, and then click Create Certificate Request to create a certificate request file. If you are using IIS 6.0 on Windows Server 2003, edit the Web site properties, click the Directory Security tab, and then click Server Certificate to create an online request or a certificate request file.
- You can request and retrieve the certificate using the Microsoft Certreq command-line utility.
- If you can create the certificate with your certificate management tools, you can export it and import it on each server.
Note |
---|
For information about how to specify more than one fully qualified domain name (FQDN) in the certificate Subject Alternative Name field (for example, if the site system supports intranet and Internet client connections, or is a network load balancing site system), see How to Request a Certificate With a Custom Subject Alternative Name (http://go.microsoft.com/fwlink/?LinkId=189292). |
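The Certreq method listed above, combined with the Subject Alternative Name requirement in the preceding note, as an added PowerShell example (it is not taken from the Microsoft procedure). The two FQDNs and the working folder are constructed values, and the script assumes an enterprise CA that issues the default WebServer template and a Windows Server 2008 server, where Certreq accepts the [Extensions] syntax shown.

```powershell
# Added example. Constructed values: both FQDNs and the working folder.
# Assumes an enterprise CA that issues the default "WebServer" template.
$intranetFqdn = 'mp01.corp.example.com'   # constructed intranet FQDN
$internetFqdn = 'mp01.example.com'        # constructed Internet FQDN
$work = Join-Path $env:TEMP 'cm-webcert'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Request policy: machine-store key, non-exportable, Server Authentication EKU,
# and both FQDNs in the Subject Alternative Name extension (2.5.29.17).
$inf = @"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "CN=$intranetFqdn"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$intranetFqdn&"
_continue_ = "dns=$internetFqdn"
[RequestAttributes]
CertificateTemplate = WebServer
"@
Set-Content -Path "$work\request.inf" -Value $inf -Encoding ASCII

# Create the key pair and request, submit it, then install the issued certificate.
certreq -new "$work\request.inf" "$work\request.req"
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }
certreq -submit "$work\request.req" "$work\webserver.cer"   # prompts for the CA
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed' }
certreq -accept "$work\webserver.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# Check the result before binding it in IIS: private key present, both names in the SAN.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$intranetFqdn" } |
    Sort-Object NotBefore | Select-Object -Last 1
$san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($false)
if (-not $cert.HasPrivateKey) { throw 'No private key is associated with the certificate' }
foreach ($name in $intranetFqdn, $internetFqdn) {
    if ($san -notmatch [regex]::Escape($name)) { throw "SAN is missing $name" }
}
"Installed $($cert.Thumbprint): $san"
```

Run the script from an elevated PowerShell prompt on the site system, because the key pair is created in the local computer store.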
Configure IIS to Use the Web Server Certificate on a Server
When you have installed the Web server certificate, you then need to configure Internet Information Services (IIS) so that the Configuration Manager 2007 Web site uses the certificate for authentication and encryption. You can script this installation or use the Internet Information Services (IIS) Manager console.
To configure IIS to use the Web server certificate using the Internet Information Services (IIS) Manager console, perform one of the following steps, depending on the version of IIS that you are using:
- For IIS 7.0 on Windows Server 2008: Expand Sites, select the Web site that is being used by Configuration Manager (Default Web Site or SMSWEB), select Edit Bindings, and then configure https to use the Web server certificate.
- For IIS 6.0 on Windows Server 2003: Edit the properties of the Web site that is being used by Configuration Manager (Default Web Site or SMSWEB), and select the Web server certificate to use by clicking Server Certificate on the Directory Security tab. This launches the Web Server Certificate Wizard, which prompts you to select the Web server certificate to use.
Note |
---|
SMSWEB is the name of the Web site if you are using a custom Web site for Configuration Manager 2007. For more information about using custom Web sites in Configuration Manager 2007, see Configuration Manager Custom Web Site Overview and How to Configure Custom Web Sites for Configuration Manager Sites. |