Solution
This tutorial will be given in 3 parts. All parts must be completed, but you may find that either Part I and/or Part II may already be completed depending on your security settings and the version of your Windows Server. If the certificate installation is a renewal of an already existing QuoVadis certificate, you may not need to do Parts I and II as you should already have the certificates. The intermediate files must also be installed to ensure that some browsers do not show a certificate error.
Part I - Installing the Intermediate (chaining) Certificates
Part I explains how to install the intermediate files that are required. QuoVadis uses various Intermediate certificates that must be installed on the server to prevent errors in certain browsers. You may want to go through these steps and if the intermediate certificates are not installed, then please obtain them and follow through with the rest of Part I. These files should have been included in the email that was sent with the certificate. If not, they have been included in this knowledge base article.
First you must open the Microsoft Management Console.
- Click on Start and then Run.
- In the Run window, type MMC in the Open: field and click on the OK button.
Console1
- Click on File at the top and then select Add/Remove Snap-in... Alternatively, you can press Ctrl + M.
- In the Add/Remove Snap-in window, click on the Add... button at the bottom. This will open a third window named Add Standalone Snap-in.
- Scroll down in the Add Standalone Snap-in window and find the Certificates component. Once found, highlight it and click on the Add button at the bottom. Alternatively, you can double-click on Certificates.
- Select the Computer account radio button and click on the Next button.
- At the next screen, click on the Finish button.
- Back in the Add Standalone Snap-in window, click on the Close button.
- Click on the OK button in the Add/Remove Snap-in window.
Console1Certificates (Local Computer)
- Click on the "+" sign next to Certificates (Local Computer) to expand it.
- Locate and expand the Intermediate Certification Authorities store and then click on the Certificates folder underneath it.
QuoVadis Global SSL ICA G2Intermediate Certification AuthoritiesPart II
- Place the certificate in a directory where it can be accessed by the server.
- Right-click on the Certificates folder underneath the Intermediate Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.
- The Certificate Import Wizard will appear. At the welcome screen, click on the Next button.
- You must specify the file to import. Click on the Browse... button and find and select the QuoVadis Global SSL ICA G2 certificate. Once selected, it should appear in the File name: field. Click on the Next button.
- On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Intermediate Certification Authorities. Click on the Next button.
- At the summary screen, click on the Finish button.
Part II - Installing the Root Certificates
Generally, your Windows Server should have the QuoVadis Root certificates installed, however there have been cases where they have not been. When you install the SSL certificate, if the root certificate is not present, the system will prompt you to trust it, which will also install it. For Part II, you will be installing the QuoVadis Root Certification Authority and the QuoVadis Root CA 2, which expires 2031. Part II assumes that you currently have the Microsoft Management Console open. If you do not, you can find the instructions in Part I of this guide, steps 1-9.
- Click on the "+" sign next to Certificates (Local Computer) to expand it (if it isn't already expanded).
- Locate and expand the Trusted Root Certification Authorities store and the click on the Certificates folder underneath it.
QuoVadis Root CA 2QuoVadis Root CA 2Part IIITrusted Root Certification Authorities
- Place the certificate in a directory where it can be accessed by the server.
- Right-click on the Certificates folder underneath the Trusted Root Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.
- The Certificate Import Wizard will appear. At the welcome screen, click on the Next button.
- You must specify the file to import. Click on the Browse... button and find and select the QuoVadis Root CA 2 certificate. Once selected, it should appear in the File name: field. Click on the Next button.
- On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Trusted Root Certification Authorities. Click on the Next button.
- At the summary screen, click on the Finish button.
The import was successful.
Part III - Installing the Certificate
Part III provides the steps taken to install an SSL certificate on Exchange 2010. These steps follow what need to be taken using the GUI (Graphical User Interface) of Exchange Management Console.
- Start All Programs and in the Microsoft Exchange Server 2010 folder, select Exchange Management Console.
- The console will load up. Expand Microsoft Exchange On-Premises and click on Server Configuration on the left-hand pane.
- In the Exchange Certificates section in the middle pane, you should see the friendly name that you entered while creating the CSR. Click and highlight it and then click on Complete Pending Request from the right hand pane.
- A new window appears that resembles a Wizard with a heading of Complete Pending Request. Click on the Browse button and navigate to where you saved your QuoVadis Certificate file.
- Click on the Complete button.
- When you are ready, click on the Finish button.
- Back in the Exchange Certificates section, click on the certificate you want to install from the list and then on the right-hand pane, click on the Assign Services to Certificate link.
- A new window appears similar to the previous wizard that you had before. This window is named Assign Services to Certificate. In the Select Servers field, you want to click on highlight the server that you want to assign the certificate to and click on the Next button.
- On the Select Services screen, click on the services that you would like to secure using the certificate. By default, Internet Information Services is selected. When you have selected the services, click on the Next button.
- At the Assign Services screen, you will see a Configuration Summary of the certificate. When you have read over the configuration, click on the Assign button.
- The Assign Services to Certificates wizard will load the certificate and complete. The Completion screen will display that will summarize the installation of the certificate. Click on the Finish button at the bottom of the Wizard.
OCSP Stapling Support
Although optional, it is highly recommended to enable OCSP Stapling which will improve the SSL handshake speed of your website.
Windows Server 2008 automatically utilizes OCSP Stapling by default. No additional configuration is required.
You can read up on more on OCSP Stapling at https://support.quovadisglobal.com/KB/a415/what-is-ocsp-stapling.aspx.