Generate SSL Certificate for IIS | Utimaco Integration Guides

To generate SSL certifcate for IIS Server follow these steps:

Log into the NDES server using the <domain_name>\Administrator.
Create a NDES-SSL-Cert.inf file using a text editor as follows. Change the Subject field to the Fully Qualified Domain Name (FQDN) of the NDES Server.

›_ Console
`[Version] Signature= "$Windows NT$" [NewRequest] Subject = "CN= NDES-ADCSIIS.test.utimaco.comutimaco-NDES-CA.com " HashAlgorithm = SHA256 KeyAlgorithm = RSA KeyLength = 2048 ProviderName = "Utimaco CryptoServer Key Storage Provider" KeyUsage = 0xf0 MachineKeySet = True [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1`

›_ Console

[Version] 
Signature= "$Windows NT$" 
[NewRequest] 
Subject = "CN= NDES-ADCSIIS.test.utimaco.comutimaco-NDES-CA.com " 
HashAlgorithm = SHA256 
KeyAlgorithm = RSA 
KeyLength = 2048 
ProviderName = "Utimaco CryptoServer Key Storage Provider" 
KeyUsage = 0xf0 
MachineKeySet = True 
[EnhancedKeyUsageExtension] 
OID=1.3.6.1.5.5.7.3.1

Open cmd and create a Certificate request file by running the following command.

›_ Console
`certreq -new NDES-SSL-Cert.inf NDES-SSL-Cert.req`

If you are using Smartcard Authentication, the prompt will go on the PIN Pad device to insert Smartcard and enter the pin. Then press OK button on the PIN Pad.

Copy the above certificate request file and send it to the CA for signing.
Once signed by CA paste the certificate back to NDES Server
Install the certificate by running the following command

›_ Console
`certreq -accept IIS-SSL-Cert.cer`

Output Window

If you are using Smartcard Authentication, the prompt will go on the PIN Pad device to insert Smartcard and enter the pin. Then press OK button on the PIN Pad.