IIS Server Security, Programmatically binding certificate to IIS 5.0

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> Programmatically binding certificate to IIS 5.0

by Dave Miller » Tue, 23 Dec 2003 00:10:43 GMT

I've been scouring the groups for resources and
information on how to programmatically bind a server
certificate to IIS 5.0 on Win2K. I've found the
following article (http://groups.google.com/groups?
q=IIS+certificate+programmatically&hl=en&lr=&ie=UTF-
8&oe=UTF-8&c2coff=1&selm=GRrWihEUCHA.2612%
40cpmsftngxa08&rnum=8) that references the CertImp.exe
utility, however, I've been unable to locate the
utility. It mentions that there is no means to do this
programmatically. Are there any other options?

I need to:

1. Programmatically bind the certificate to IIS
2. Map the client certificate and user account (I
believe this can be done through ADSI - IISCertMapper -
true?)

Any help (especially sample code) would be greatly
appreciated.

Dave

Top

IIS Server Security >> RE: Programmatically binding certificate to IIS 5.0

by a-jamur » Sat, 27 Dec 2003 13:29:43 GMT


HI Dave,

Certimp.exe was an unsupported tool and I don't think that article
exists anymore, but this article should do the trick for you.

http://support.microsoft.com/?id=313624

Best regards,
Jason M. Murray [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.


--------------------
| Content-Class: urn:content-classes:message
| From: "Dave Miller" < XXXX@XXXXX.COM >
| Sender: "Dave Miller" < XXXX@XXXXX.COM >
| Subject: Programmatically binding certificate to IIS 5.0
| Date: Mon, 22 Dec 2003 08:10:43 -0800
| Lines: 22
| Message-ID: <05a201c3c8a6$26e14650$ XXXX@XXXXX.COM >
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcPIpibhAU4Yi2CeRTi2aqJ3qXdJtA==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.inetserver.iis.security
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.inetserver.iis.security:8071
| NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| I've been scouring the groups for resources and
| information on how to programmatically bind a server
| certificate to IIS 5.0 on Win2K. I've found the
| following article ( http://groups.google.com/groups?
| q=IIS+certificate+programmatically&hl=en&lr=&ie=UTF-
| 8&oe=UTF-8&c2coff=1&selm=GRrWihEUCHA.2612%
| 40cpmsftngxa08&rnum=8) that references the CertImp.exe
| utility, however, I've been unable to locate the
| utility. It mentions that there is no means to do this
| programmatically. Are there any other options?
|
| I need to:
|
| 1. Programmatically bind the certificate to IIS
| 2. Map the client certificate and user account (I
| believe this can be done through ADSI - IISCertMapper -
| true?)
|
| Any help (especially sample code) would be greatly
| appreciated.
|
| Dave
|



Top

IIS Server Security >> RE: Programmatically binding certificate to IIS 5.0

by Dave Miller » Thu, 01 Jan 2004 02:25:52 GMT

Jason -

Thanks so much for your answer! It was incredibly
helpful. The one final problem I'm running into is now
trying to set a binary metabase property (SSLCertHash)
from C# (System.DirectoryServices). From the
documentation I've found, it seems that it is unsupported
prior to Win2k3 and IIS 6 (I'm trying to run on Win2K,
IIS 5) - http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/iissdk/iis/setting_an_ssl_certificate_hash_using_system
_directoryservices.asp. Is there any alternative using
C# to set binary metabase properties? Or must I resort
to C++ per the example you provided?

Thanks!

Dave
think that article
you.
confers no rights.
specified at
5.0
V5.50.4910.0300
microsoft.public.inetserver.iis.security:8071
this


Top

RE: Programmatically binding certificate to IIS 5.0

by a-jamur » Sun, 04 Jan 2004 19:41:29 GMT

orry dave I couldn't find any c# examples, but you could always be the
first!

Best regards,
Jason M. Murray [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.


--------------------
| Content-Class: urn:content-classes:message
| From: "Dave Miller" < XXXX@XXXXX.COM >
| Sender: "Dave Miller" < XXXX@XXXXX.COM >
| References: <05a201c3c8a6$26e14650$ XXXX@XXXXX.COM >
< XXXX@XXXXX.COM >
| Subject: RE: Programmatically binding certificate to IIS 5.0
| Date: Wed, 31 Dec 2003 10:25:52 -0800
| Lines: 89
| Message-ID: <0a5901c3cfcb$85756580$ XXXX@XXXXX.COM >
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcPPy4V1WPoRv+5CTcek1fodPwMywg==
| Newsgroups: microsoft.public.inetserver.iis.security
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.inetserver.iis.security:8249
| NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Jason -
|
| Thanks so much for your answer! It was incredibly
| helpful. The one final problem I'm running into is now
| trying to set a binary metabase property (SSLCertHash)
| from C# (System.DirectoryServices). From the
| documentation I've found, it seems that it is unsupported
| prior to Win2k3 and IIS 6 (I'm trying to run on Win2K,
| IIS 5) - http://msdn.microsoft.com/library/default.asp?
| url=/library/en-
| us/iissdk/iis/setting_an_ssl_certificate_hash_using_system
| _directoryservices.asp. Is there any alternative using
| C# to set binary metabase properties? Or must I resort
| to C++ per the example you provided?
|
| Thanks!
|
| Dave
| >-----Original Message-----
| >HI Dave,
| >
| > Certimp.exe was an unsupported tool and I don't
| think that article
| >exists anymore, but this article should do the trick for
| you.
| >
| >http://support.microsoft.com/?id=313624
| >
| >Best regards,
| >Jason M. Murray [MSFT]
| >This posting is provided "AS IS" with no warranties, and
| confers no rights.
| >Use of included script samples are subject to the terms
| specified at
| >http://www.microsoft.com/info/cpyright.htm.
| >
| >
| >--------------------
| >| Content-Class: urn:content-classes:message
| >| From: "Dave Miller" < XXXX@XXXXX.COM >
| >| Sender: "Dave Miller" < XXXX@XXXXX.COM >
| >| Subject: Programmatically binding certificate to IIS
| 5.0
| >| Date: Mon, 22 Dec 2003 08:10:43 -0800
| >| Lines: 22
| >| Message-ID: <05a201c3c8a6$26e14650$ XXXX@XXXXX.COM >
| >| MIME-Version: 1.0
| >| Content-Type: text/plain;
| >| charset="iso-8859-1"
| >| Content-Transfer-Encoding: 7bit
| >| X-Newsreader: Microsoft CDO for Windows 2000
| >| Thread-Index: AcPIpibhAU4Yi2CeRTi2aqJ3qXdJtA==
| >| X-MimeOLE: Produced By Microsoft MimeOLE
| V5.50.4910.0300
| >| Newsgroups: microsoft.public.inetserver.iis.security
| >| Path: cpmsftngxa07.phx.gbl
| >| Xref: cpmsftngxa07.phx.gbl
| microsoft.public.inetserver.iis.security:8071
| >| NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10
Top
Similar Threads

1. Programmatically install IIS 5.0 in windows 2000 

Is it possible to programmatically install IIS 5.0 on Windows 2000 (wrk
and server) ?

thank you
bye
marco

2. Programmatically mapping certificate to user account in IIS - IIS Server Security

3. Programmatically ban IPs within IIS 5.0 and W2k 

Does anyone know how to programmtically ban IPs within 
IIS 5.0 and W2k?  

I have a process that parsers my IIS logs looking for 
malicious activity.  I want to be able to programmtically 
add the IP address of the malicious requestor to the 
denied/blocked list.

Thanks...

4. Programmatically assign certificate on IIS server - IIS Server Security

5. Programmatically adding SSL certificate 

Short version: how can you get IIS to use a certificate for SSL without using 
the wizards?

Longer version:

I am writing some automated tests for a web service.

I need to write some code that will configure the web site (the system under 
test) to use an SSL certificate.

The only way I can find to make IIS use a server certificate is to run the 
wizards by hand. I need to automate the process.

Thanks for any help.

6. Bind multiple certificate to one web site

7. Programmatically enabling Web Service extensions on IIS6.0/5.0 

Hello,
My application uses WebDAV for communication with an exchange server. As 
part of the installation of my app, I currently include a manual step to 
enable WebDAV (web service extension) on IIS 6.0. Is there a way to enable 
this extension programmatically instead of manual step?

Thanks in advance.

8. IIS6 does not work with programmatically installed certificate - IIS Server Security