IIS Server Security, SSL Certificate

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> SSL certificate

by Katerina » Thu, 25 Sep 2003 22:05:49 GMT

Hi,
I make CSR for one domain and for it i take one test trial
certificate and post this CSR for buy certificate.
I install trail certificate and when i recieve the
purchased i try to replace the trial with this, but ...
certificate is installed succesiful, but say that havn't
Private Key.
Please tell me how i can export from trial and after
import Private Key to purchased certificate.
Thanks.

Regards: Katya

Top

IIS Server Security >> SSL Certificate

by Bernard » Wed, 01 Oct 2003 12:39:48 GMT


Proxy.. not sure.. but try these kb
PRB: Error "Page Cannot Be Displayed" When You Connect Through HTTPS
http://support.microsoft.com/?id=290391

HOW TO: Determine If SSL Connectivity Is Not Working on the Web Server or on
an Intermediate Device
http://support.microsoft.com/?id=290051

"Cannot find server" or "DNS" Errors When Using SSL (Q & A)
http://support.microsoft.com/?id=292296

at command prompt, enter
"netstat -an", see anything binding on port 443 ?

anything in event log ?

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...









Top

IIS Server Security >> SSL Certificate

by Mark » Wed, 19 Nov 2003 22:34:07 GMT

How can I create my own SSL certificate? (without using any CA)



Top

SSL Certificate

by Keith W. McCammon » Wed, 19 Nov 2003 23:37:52 GMT

You can't. If you have 2000/2003 Server, install the built-in CA and create
your certs there.







Top

SSL Certificate

by Aaron » Wed, 19 Nov 2003 23:44:15 GMT

use OpenSSL.
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html





Top

SSL Certificate

by Karl » Thu, 20 Nov 2003 02:56:24 GMT

Thank you for the quick reply. The process completed without any errors but
IIS will not accept the certificate.









Top

SSL Certificate

by PL » Thu, 20 Nov 2003 04:37:03 GMT


Use this, works for me:
http://www.inventec.ch/chdh/notes/14.htm

Note that this is a .NET program and thus requires the .NEt runtime installed,
after that just follow the instructions.
The following command can be used to create and import a self-signed SSL test certificate:

makecert -r -pe -n "CN=www.yourserver.com" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky
exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12To install this certificate in IIS 5.0, open the IIS "Web Site
Properties", "Directory Security", "Server Certificate...", "Assign an existing certificate" and select the new certificate from the
list.


Of course these are still for demo/test/intranets and not real certs you can use
on a public site because no one will be fooled by them even though they are
fully usable no one will trust them.

PL.









Top

SSL Certificate

by Aaron » Thu, 20 Nov 2003 04:46:30 GMT

Since the cert was written in Unix format (there are little boxes for
line breaks in notepad) you have to open it in WordPad to view it, then
copy it to notepad, then save it ... then install it and IIS will accept
it ... the author left that out of their doc :) I have used the method
below without trouble ...







Top

SSL Certificate

by Aaron » Thu, 20 Nov 2003 04:46:57 GMT

I guess you could also just do a search / replace for the little boxes
and replace them with a line break








Top

SSL Certificate

by Karl » Thu, 20 Nov 2003 05:08:37 GMT

Thank you for your reply. The process is failing again with the message
"Keyset not found". Any Ideas what the problem could be? thank you





installed,
test certificate:
01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky
install this certificate in IIS 5.0, open the IIS "Web Site
existing certificate" and select the new certificate from the
can use
are

but






Top

SSL Certificate

by Karl » Thu, 20 Nov 2003 06:01:27 GMT

Sorry for posting to the wrong thread. Your method succeeded in generating
the certificate and I was able to use assign the certificate without any
error. At this point I cannot access my test website whether I use http://
or https://

Is there something else I need to do besides configuring my website to use
SSL which I configured like Microsoft recommends?




installed,
test certificate:
01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky
install this certificate in IIS 5.0, open the IIS "Web Site
existing certificate" and select the new certificate from the
can use
are

but






Top

SSL Certificate

by PL » Thu, 20 Nov 2003 06:24:51 GMT


Not to my knowledge, you need to have port 443 open in the firewall
if you use one.

Check your settings, verify that the server is running, check firewall settings,
other than that I have no suggestions, sorry.

PL.





Top

SSL Certificate

by Paul Lynch » Thu, 20 Nov 2003 07:52:18 GMT

Mark,

If you are using W2K3 you can use SelfSSL from the IIS6 Resource Kit :

http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en


Regards,

Paul Lynch
MCSE

Top

SSL Certificate

by MS » Wed, 26 Nov 2003 02:17:17 GMT

Hello,

I've installed an SSL certificate I created on an IIS 5.0 server. Whenever
our client use the website, they are asked to accept our SSL certificate
even after they install it. Is there a way to prevent the users from getting
prompted to install our certificate over and over again? Thank you in
advance.



Top

RE: SSL Certificate

by adavis » Thu, 27 Nov 2003 02:43:08 GMT


This posting is provided "AS IS" with no warranties, and confers no rights.

MS,

Are the users prompted because the certificate has been issued by a CA they
don't trust?

When using the "install certificate" button the Root CA certificate is
placed in the intermediate store, not the Trusted Root Store. When the
browser is closed the Root CA is removed from the Intermediate store.
Clients getting this prompt should install the Root CA certificate to the
Trusted Root Store.

There is a KB with ASP code included that will users can browse to and it
will prompt them if they want to install the Root CA in the Trusted Store,
and it works great!

297681 Error Message: This Security Certificate Was Issued by a Company that
http://support.microsoft.com/?id=297681

Thanks!
~Andrew Davis
Microsoft PSS Security


Top
Similar Threads

1. SSL Certificate, old certificate to new server 

On Thu, 8 Jul 2004 07:58:22 -0700, "PMC"
< XXXX@XXXXX.COM > wrote:

>I am trying to reinstall a certificate on an IIS 5 windows 
>2000 server machine.
>
>It has the same domain and ip address. The server was 
>hacked into so I blew it away (didn't want to trust 
>anything on it) and rebuilt it. It is the same in every 
>respect except the ftp holes were patched.
>
>I did not do a keybackup on the old machine because I did 
>not want to trust anything from when it was hacked, but 
>now I am stuck.
>
>I am trying to reinstall the ssl certificate, but am 
>having no luck. When I try to import the import list is 
>blank. When I try to make a new request and us my old cert 
>as the responce I get an invalid match (information the 
>same but the date range is probably causing the problem).
>
>Any idea of how to get the SSL certificate re-registered 
>on the machine?
>
>Thanks

Hello,

Full marks for not trusting a hacked server (smart move) but I'm
afraid if you haven't made a backup of your certificate when you
received it you won't be able to recover. 

Did you make a backup at any time which included your private key ?
If you haven't got that I'm afraid not even Verisign can help you :-/


Regards,

Paul Lynch
MCSE

2. IIS4 SSL certificate renewal : Identical certificate ? - IIS Server Security

3. New SSL Certificate is invalid after uninstalling Certificate Server 

Hello,

I was in the process of setting up an SSL web site on IIS 6.0 on
Windows 2003 Server.  I mistakenly installed Certificate Services
thinking it was needed.  I removed it but now when I try to install
the valid certificate from Thawte it shows up invalid because it lists
the issuer of the certificate as the name I entered when I installed
Certificate Server on the machine by mistake.  Has anyone out there
had this problem?

4. Major SSL Redirection Issue when no SSL certificate is installed

5. Exporting/Importing SSL Certificates in IIS with Private Key 

Is there any way in .NET using CSharp or VB.Net to export and import SSL 
Certificates to/from IIS along with the private key? Can anyone provide any 
examples?


-Walt Zydhek

6. SSL Certificate - ASP

7. Generating SSL Certificate for development purposes...

8. TLS/SSL certificate based authentication to smarthost/relayhost