17.1 Setting Up SSL and Certificates on a Windows Middle Tier Server

When you set up SSL for a Middle Tier Server on a Windows 2000 machine, all of the administration is done with the Internet Services Manager and ConsoleOne®. The setup consists of the following major procedures, each described in its own section below: generating a certificate signing request, using the eDirectory Root CA to issue a certificate, installing the Root CA on the Middle Tier Server, and processing a pending certificate request on IIS.

17.1.1 Generating a Certificate Signing Request

To generate a certificate request on a Middle Tier Server installed on a Windows 2000 server:

  1. At the server's desktop, click Programs > Administrative Tools > Internet Services Manager > Internet Information Services to open the Internet Information Services window.

  2. Click the + sign on the Middle Tier Server icon to expand its hierarchy.

  3. Right-click Default Web Site, then click Properties to open the Default Web Site Properties dialog box.

    If an SSL certificate has not been configured yet, the SSL Port field is dimmed.

  4. Click Directory Security to open the Directory Security page.

  5. Click Server Certificate to start the Web Services Certificate Wizard.

    1. On the wizard's Welcome page, click Next to open the Server Certificate page.

    2. On the Server Certificate page, select Create a New Certificate, then click Next.

    3. On the wizard's Delayed or Immediate page, select Prepare the Request Now, But Send it Later, then click Next.

    4. On the Name and Security Setting page, specify a certificate name such as DaveMiddleTier Web Site, change the bit length to 1024, then click Next.

    5. On the wizard's Organization Information page, specify the names of your organization and organizational unit in the Organization and Organizational Unit fields, then click Next.

    6. On the wizard's Your Site's Common Name page, specify your full DNS name, such as zztop1.zenworks.provo.novell.com if you are in the DNS tables, then click Next.

      You can also specify your IP address if it is static and if all access is through IP addresses.

      If your servers are behind a firewall, specify the DNS name by which the server is known to the outside world.

    7. On the wizard's Geographical Information page, enter the correct information in the Country, State, and City fields, then click Next.

    8. On the wizard's Certificate Request File Name page, save the certificate request in an accessible location, then click Next.

      This request is a file to be submitted to a trusted Certificate Authority (CA) for signing.

    9. On the wizard's Request File Summary page, review all of the information. If necessary, you can use the Back button to make changes on appropriate pages. Click Next.

    10. On the wizard's Completing the Web Services Certificate Wizard page, click Finish.

  6. Submit the certificate request to an appropriate trusted Certificate Authority. When the trusted CA issues the certificate, proceed with the steps outlined in Section 17.1.4, Processing a Pending Certificate Request on IIS.

17.1.2 Using the eDirectory Root CA to Issue a Certificate

The eDirectory Root CA can be used to issue a certificate for a valid Certificate Signing Request (CSR). If you use this method, the root is not a trusted root. For more information, see Step 4.

The machine on which you run ConsoleOne should have Novell Client™ 4.83 or later, ConsoleOne 1.3.3 or later, and the Novell International Cryptographic Infrastructure (NICI) client 2.4.0 or later installed.

  1. On the server's desktop, start ConsoleOne.

  2. Select the container in the tree where the server objects reside.

  3. Select Tools > Issue Certificate to start the Issue Certificate Wizard.

    1. In the Filename field, specify the name of the file that contains the certificate request, then click Next.

    2. On the Organizational Certificate Authority page, click Next.

    3. On the SSL or TLS page, click Next.

    4. On the next page of the wizard, accept the defaults by clicking Next.

    5. On the Save Certificate page, save the file as the default (that is, in .der format).

  4. Export the self-signed certificate from the Certificate Authority.

    Because the root is not a trusted root, you need to import the self-signed certificate from the Root CA into all workstations that will connect to the Middle Tier Server. If this self-signed certificate is not imported, certificate verification fails for all certificates issued by this CA.

    1. In ConsoleOne, browse to the Security container in the tree. The Security container is identified with a padlock icon.

    2. Right-click Server Name Organizational CA > select Properties.

    3. Click Certificates > select Self Signed Certificate.

    4. Click Export.

    5. Accept the defaults on succeeding pages until you need to save to a location.

17.1.3 Installing the Root CA on the Middle Tier Server

If a non-trusted CA (for example, the eDirectory Root CA) signed the certificate request, you need to install the self-signed certificate from the CA on the Middle Tier Server:

  1. Locate and double-click the file containing the self-signed certificate from the CA.

  2. On the Certificate page, click Install Certificate to start the wizard.

    1. On the first page of the wizard, click Next.

    2. On the second page of the wizard, when you see a message reading “Automatically select the certificate store,” click Next.

    3. On the third page of the wizard, click Finish.

    4. In the Root Certificate Store message box, select Yes.

    5. In the Successful Import dialog box, click OK.

      A message reading “The import was successful” is displayed.
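The trust relationship that Sections 17.1.1 through 17.1.3 set up by hand, as an added example that is not part of this documentation and uses Go's standard library rather than the IIS or ConsoleOne wizards: one function plays the server that writes a CSR and the in-house Organizational CA that signs it, and a second plays a workstation verifying the issued certificate with and without the CA's self-signed certificate imported. "Example Org CA" is a constructed name, and the key size is 2048 bits instead of the wizard's 1024.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must keeps the demo short: key generation and DER encoding should not fail on a healthy machine.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// IssueFromCSR plays both roles from the page: the Middle Tier Server writing a CSR (17.1.1) and an in-house
// Organizational CA signing it (17.1.2). "Example Org CA" is a constructed name; 2048-bit RSA replaces the wizard's 1024.
func IssueFromCSR(dnsName string) (rootDER, leafDER []byte) {
	notBefore, notAfter := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter,
		Subject: pkix.Name{CommonName: "Example Org CA"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	rootDER = must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	// Server side: the request carries the site's name and public key; the private key never leaves the server.
	srvKey := must(rsa.GenerateKey(rand.Reader, 2048))
	csrTmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: dnsName}, DNSNames: []string{dnsName}}
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, csrTmpl, srvKey))
	// CA side: parse the request, check its proof-of-possession signature, then sign with the CA key.
	csr := must(x509.ParseCertificateRequest(csrDER))
	must(csr, csr.CheckSignature())
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: notBefore, NotAfter: notAfter,
		Subject: csr.Subject, DNSNames: csr.DNSNames, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leafDER = must(x509.CreateCertificate(rand.Reader, leafTmpl, must(x509.ParseCertificate(rootDER)), csr.PublicKey, caKey))
	return rootDER, leafDER
}

// VerifyAgainst mimics a workstation checking the server certificate: trustedRootDER is the CA's self-signed
// certificate exported in 17.1.2, or nil when it was never imported as described in 17.1.3.
func VerifyAgainst(leafDER, trustedRootDER []byte, dnsName string) error {
	roots := x509.NewCertPool() // an empty pool, deliberately not the workstation's system store
	if trustedRootDER != nil {
		roots.AddCert(must(x509.ParseCertificate(trustedRootDER)))
	}
	_, err := must(x509.ParseCertificate(leafDER)).Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	return err
}
```

Verification succeeds only when the CA's self-signed certificate is in the trust pool and the requested name matches the certificate, which is exactly why Step 4 of 17.1.2 tells you to export it and 17.1.3 to install it.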

17.1.4 Processing a Pending Certificate Request on IIS

When the trusted CA (or the eDirectory Root CA, as in Section 17.1.2) has issued the certificate, use the Internet Services Manager to process the pending request and install the certificate.

  1. At the server's desktop, click Programs > Administrative Tools > Internet Services Manager > Internet Information Services to open the Internet Information Services window.

  2. Click the + sign on the Middle Tier Server icon to expand its hierarchy.

  3. Right-click Default Web Site, then click Properties to open the Default Web Site Properties dialog box.

  4. Click Directory Security to open the Directory Security page.

  5. Click Server Certificate to start the Web Services Certificate Wizard.

  6. Use the Web Services Certificate Wizard to process the Certificate Request:

    1. On the Welcome page, click Next.

    2. On the Server Certificate page, select Process the Pending Request and Install the Certificate, then click Next.

    3. On the next page, enter the full path of the signed certificate as received from the Certificate Authority.

      This can be a .der or a .cer file, or a file with some other extension, depending on the naming convention used by the Certificate Authority.

    4. On the next wizard page, click Next.

    5. On the last wizard page, click Finish.

  7. Close the Properties page.

  8. Right-click the server icon in the tree, then select Restart IIS.

  9. When IIS restarts, open the properties of the default Web site to verify that the SSL port is available (the SSL Port field is no longer dimmed).