How to Install an SSL Certificate for Use with IM Manager and AIM 6.X or Higher

Article:TECH89959  |  Created: 2008-01-23  |  Updated: 2010-10-07  |  Article URL http://www.symantec.com/docs/TECH89959
Article Type
Technical Solution

Product(s)

Issue



An SSL certificate has been obtained for use with IM Manager and AIM 6.X or higher. What are the steps necessary to install the SSL certificate for use with IM Manager supporting AIM 6.X and higher IM clients?

 


Solution



If you generated the certificate request on the IM Manager server then process the outstanding certificate request using the IIS Certificate Wizard:

1. Open IIS Administrator.
2. Right click on the Default Web Site and select Properties….
3. Click the Directory Security tab.
4. Click the Server Certificate… button.
5. This will bring up the Server Certificate Wizard where you will be able to process the certificate from the SSL certificate vendor. 

Doing this process attaches the public part of the certificate from the SSL certificate vendor with the private key generated on the computer.

Then configure IIS to not use port 443:

1. Click the Web Site tab.
2. Delete any text in the SSL Port textbox.
3. Click the OK button.
4. From a command prompt restart IIS with this command: iisreset.
 

See KB AIM 6.X and Higher IM Client Cannot Log in When IM Manager Is Not Listening on Port 443.

If the certificate has already been processed and has the private key embedded then perform the following steps:
 

    1. From the Start > Run menu type mmc
    2. Select File > Add/Remove Snap-In.
    3. Click the Add... button.
    4. Select the Certificates snap-in. Click the Add button.
    5. Select the Computer account radio option. Click Next. Click Finish.
    6. Click Close to close the select add-in dialog box.
    7. Click OK to close the Add/Remove snap-in dialog box.
    8. Open the tree under Certificates > Personal.
    9. Right-click on Certificates and select All Tasks > Import.
    10. Click Next.
    11. Click Browse and select the certificate from the file system. Click Next.
    12. Select the checkbox Mark this key as exportable and click Next.
    13. Click Next. Click Finish. The message "The import was successful" appears. Click OK.


Ensure that computer contains private key for SSL certificate
 

    The computer where IM Manager is installed must have the private key that corresponds to the SSL certificate. Perform the following steps to check if the private key is installed:
        1. Go to Start | Run.
        2. Type mmc.
        3. A Console window will open.
        4. Go to File | Add/Remove Snap-in ...
        5. In the Add/Remove Snap-in window click on Standalone tab.
        6. Click Add.
        7. In the Add Standalone Snap-in window select Certificates and click Add.
        8. In the Certificates snap-in window select Computer account and click Next.
        9. In the Select Computer window select Local computer and click Finish.
        10. In the Add Standalone Snap-in window click Close.
        11. In the Add/Remove Snap-in window click OK.
        12. Expand Certificates | Personal | Certificates.
        13. Double click on the AIM SSL Certificate name that is installed on the IM Manager Server.
          1. Open IM Manager MMC Snap In.
          2. Right Click IM Manager.
          3. Go to AIM Agent tab.
          4. The AIM SSL Certificate that is installed on the IM Manager Server is listed in the Issued To: text box.
        14. Click on the General tab.

        If the message "You have a private key that corresponds to this certificate" is not present then the private key is not installed. Work with your certificate issuer for instructions on installing the private key for the certificate.


Starting with IM Manager 8.4.8 certificates issued from an intermediate certificate authority are supported. The certification certificate for the intermediate certification authority must be installed on the IM Manager server.

How to check if the Intermediate Certification Authority Certificate is installed?
 

    1. From the Start > Run menu type mmc
    2. Select File > Add/Remove Snap-In.
    3. Click the Add... button.
    4. Select the Certificates snap-in. Click the Add button.
    5. Select the Computer account radio option. Click Next. Click Finish.
    6. Click Close to close the select add-in dialog box.
    7. Click OK to close the Add/Remove snap-in dialog box.
    8. Open the tree under Certificates > Intermediate Certification Authorities.
    The intermediate certificate authority must be listed.



To install Intermediate CA Certificate:
 

    1. From the Start > Run menu type mmc
    2. Select File > Add/Remove Snap-In.
    3. Click the Add... button.
    4. Select the Certificates snap-in. Click the Add button.
    5. Select the Computer account radio option. Click Next. Click Finish.
    6. Click Close to close the select add-in dialog box.
    7. Click OK to close the Add/Remove snap-in dialog box.
    8. Open the tree under Certificates > Intermediate Certification Authorities.
    9. Right-click on Certificates and select All Tasks > Import.
    10. Click Next.
    11. Click Browse and select the certificate from the file system. Click Next.
    12. Select the checkbox Mark this key as exportable and click Next.
    13. Click Next. Click Finish. The message "The import was successful" appears. Click OK.





Technical Information
A certificate issued from an intermediate certificate authority looks similar to this:


test.bmp

A certificate issue from a Root CA has only one issue listed in the certification path.


 


Attachments

test.bmp (570 kBytes)

Supplemental Materials

Value12189

Legacy ID



2008072311214654


Article URL http://www.symantec.com/docs/TECH89959


Terms of use for this information are found in Legal Notices