Solved

Self Signed Certificate in IIS6

Posted on 2003-11-23
7
34,716 Views
Last Modified: 2011-08-18
Does anyone know how to create and install a self-signed secure transaction certificate for IIS6?

I'm running Windows XP Professional and need it in order to add realism the situation of a project I'm designing for a degree.
0
Comment
Question by:SurfingHamster
7 Comments
 
LVL 4

Accepted Solution

by:
af500 earned 125 total points
ID: 9814269
This says for IIS 5.0, but it works for IIS 6.0 as well.

Grab a copy of openssl

Then:
1. Go into IIS - Secured Directory - Server Certificate and request a certificate for your domain. This gives you c:\certreq.txt.

2. Go into mmc.exe and under REQUESTS export the request including private key as
PKCS12. Take off strong encryption. Enter a passphrase twice. This will create c:\yourfile.pfx

3. Run openssl against yourfile.pfx:
openssl pkcs12 -info -in yourfile.pfx -nodes

This will give you your private key, cut n paste it into a new file priv.txt
openssl req -x509 -key priv.txt -in certreq.txt > cert.txt

4. Go back into IIS and finish off the cert request using cert.txt. Turn on
port 443 for the site...

0
 

Author Comment

by:SurfingHamster
ID: 9814610
Thanks for that, but I already found a way of doing it - really easily in fact!

I simply browsed to Microsoft's website and downloaded the IIS Resource Kit for Windows XP and Windows 2003.

There's a selfcert utility included which allows easy creation of keys; it even installs them for you!

I'll award you the points, though, for your efforts! :)
0
 

Expert Comment

by:vukko
ID: 11942066
instead of awarding points, how about posting the URL?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Expert Comment

by:icesoftware
ID: 11950983
Hi there everybody!

I had the same problem and here is what I found out.

You can download IIS 6.0 Resource Kit Tools from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

Just create a virtual site (or use one that you already have) setting it up for SSL. Basicly, you have to set the SSL Port to 443 in the mmc that manage IIS 6.0 and then go to the Directory Security tab and enable the use of the SSL channel (I advice to require 1024 bits encryption).
At this point you if you installe the IIS 6.0 resource kit, you should have a new menu entry called IIS resources (in your start menu->Programs). You need to use a tool called: IIS Metabase Explorer. Go to LM->W3SVC and select the items on the left (especially those with big numbers) to see on the right a description of them and find your virtual site. The big number is the ID of the site (if you instead wants to use the default site the ID is always 1). At this point, suppose the site has ID=1088768498 you have to issue:

SelfSSL /N:CN=yoursite.yourdomain.com /V:365 /S:1088768498

where:

/N:CN is the name of your site on the internet (or LAN)
/V: sets the number of days before the new certify expires
/S: is the ID we found

That's it the site is now operative and ready to go.

Hope this helps!

ACL
0
 
LVL 4

Expert Comment

by:daluu
ID: 13973284
FYI: some additional info

Accordingly, SelfSSL supposedly only works for Win XP and 2003. Is that true?

Anyhow, if that's true, then for Win 2000, there may be another similar alternative though I haven't tested it out myself. Took a bit of searching though.

For win 2000 you'd want SSL Diagnostics from MS.
Get it at
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en

info about how to use it at
http://www.microsoft.com/technet/community/columns/insider/iisi0304.mspx#EBCAA
0
 

Expert Comment

by:Jacquestheron
ID: 22250415
Is it true that with SelfSSL you can only create one self signed cert per web server?  This seems to be the case with our webserver. I created six cert's and only the last one that was created would work.  Does anyone know how to get around this to create self signed certificates for multiple SSL sites on one web server?

Jacques
0
 
LVL 4

Expert Comment

by:daluu
ID: 22251967
Well, I believe there's also OpenSSL. There is probably a windows version or if not, you can use the Cygwin version to run on Windows. It's not as simple as using the MS/IIS SSL tools but it gives you a lot more options.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now