Get a Certificate for the Production Site

For a production site, it’s important that you get a commercial certificate, especially when dealing with the public. If you’re on an intranet, you can have a certificate from your own CA, because you can add that CA to the browsers of all the clients. That just can’t be done on the Internet. Although you can use your own CA to issue the certificate, it will send a warning message to all clients when they try to access any sites using SSL and it may discourage them from accessing your site. Also, issuing your own certificate from your own CA is risky, especially if the root CA were ever compromised. For these reasons, it’s best to go to a commercial CA for publicly accessible sites.

The process for obtaining a production certificate is the same as that for the test certificate, except you have to request the certificate from a commercial CA and send it the request file.

1. Request the certificate in the IIS MMC.

2. Go online and request a certificate from a commercial CA.

3. Send the online CA the request file we generated in IIS.

4. Process the request by installing the CA’s response file.

Each commercial CA will have a slightly different process. The important thing to remember is that the certificate request information needs to match what your organization information uses. For a larger company, a D-U-N-S Number goes a long way. Since we’re not a corporation, a letter from the president of the club on official letterhead will do nicely to identify us. Other than the commercial CA portion, follow the same steps as the test site to install the certificate.