Solved

Self Signed Certificate in IIS6

Posted on 2003-11-23
7
34,744 Views
Last Modified: 2011-08-18
Does anyone know how to create and install a self-signed secure transaction certificate for IIS6?

I'm running Windows XP Professional and need it in order to add realism the situation of a project I'm designing for a degree.
0
Comment
Question by:SurfingHamster
7 Comments
 
LVL 4

Accepted Solution

by:
af500 earned 125 total points
ID: 9814269
This says for IIS 5.0, but it works for IIS 6.0 as well.

Grab a copy of openssl

Then:
1. Go into IIS - Secured Directory - Server Certificate and request a certificate for your domain. This gives you c:\certreq.txt.

2. Go into mmc.exe and under REQUESTS export the request including private key as
PKCS12. Take off strong encryption. Enter a passphrase twice. This will create c:\yourfile.pfx

3. Run openssl against yourfile.pfx:
openssl pkcs12 -info -in yourfile.pfx -nodes

This will give you your private key, cut n paste it into a new file priv.txt
openssl req -x509 -key priv.txt -in certreq.txt > cert.txt

4. Go back into IIS and finish off the cert request using cert.txt. Turn on
port 443 for the site...

0
 

Author Comment

by:SurfingHamster
ID: 9814610
Thanks for that, but I already found a way of doing it - really easily in fact!

I simply browsed to Microsoft's website and downloaded the IIS Resource Kit for Windows XP and Windows 2003.

There's a selfcert utility included which allows easy creation of keys; it even installs them for you!

I'll award you the points, though, for your efforts! :)
0
 

Expert Comment

by:vukko
ID: 11942066
instead of awarding points, how about posting the URL?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Expert Comment

by:icesoftware
ID: 11950983
Hi there everybody!

I had the same problem and here is what I found out.

You can download IIS 6.0 Resource Kit Tools from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

Just create a virtual site (or use one that you already have) setting it up for SSL. Basicly, you have to set the SSL Port to 443 in the mmc that manage IIS 6.0 and then go to the Directory Security tab and enable the use of the SSL channel (I advice to require 1024 bits encryption).
At this point you if you installe the IIS 6.0 resource kit, you should have a new menu entry called IIS resources (in your start menu->Programs). You need to use a tool called: IIS Metabase Explorer. Go to LM->W3SVC and select the items on the left (especially those with big numbers) to see on the right a description of them and find your virtual site. The big number is the ID of the site (if you instead wants to use the default site the ID is always 1). At this point, suppose the site has ID=1088768498 you have to issue:

SelfSSL /N:CN=yoursite.yourdomain.com /V:365 /S:1088768498

where:

/N:CN is the name of your site on the internet (or LAN)
/V: sets the number of days before the new certify expires
/S: is the ID we found

That's it the site is now operative and ready to go.

Hope this helps!

ACL
0
 
LVL 4

Expert Comment

by:daluu
ID: 13973284
FYI: some additional info

Accordingly, SelfSSL supposedly only works for Win XP and 2003. Is that true?

Anyhow, if that's true, then for Win 2000, there may be another similar alternative though I haven't tested it out myself. Took a bit of searching though.

For win 2000 you'd want SSL Diagnostics from MS.
Get it at
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en

info about how to use it at
http://www.microsoft.com/technet/community/columns/insider/iisi0304.mspx#EBCAA
0
 

Expert Comment

by:Jacquestheron
ID: 22250415
Is it true that with SelfSSL you can only create one self signed cert per web server?  This seems to be the case with our webserver. I created six cert's and only the last one that was created would work.  Does anyone know how to get around this to create self signed certificates for multiple SSL sites on one web server?

Jacques
0
 
LVL 4

Expert Comment

by:daluu
ID: 22251967
Well, I believe there's also OpenSSL. There is probably a windows version or if not, you can use the Cygwin version to run on Windows. It's not as simple as using the MS/IIS SSL tools but it gives you a lot more options.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Autoresponder for Whole Domain in Plesk/Cpanel 2 76
ip / url redirect 13 71
How to stress test an ASP.NET https website 3 71
Create sub domain on windows dedicated server. 13 56
A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now