Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 34842
  • Last Modified:

Self Signed Certificate in IIS6

Does anyone know how to create and install a self-signed secure transaction certificate for IIS6?

I'm running Windows XP Professional and need it in order to add realism the situation of a project I'm designing for a degree.
0
SurfingHamster
Asked:
SurfingHamster
1 Solution
 
af500Commented:
This says for IIS 5.0, but it works for IIS 6.0 as well.

Grab a copy of openssl

Then:
1. Go into IIS - Secured Directory - Server Certificate and request a certificate for your domain. This gives you c:\certreq.txt.

2. Go into mmc.exe and under REQUESTS export the request including private key as
PKCS12. Take off strong encryption. Enter a passphrase twice. This will create c:\yourfile.pfx

3. Run openssl against yourfile.pfx:
openssl pkcs12 -info -in yourfile.pfx -nodes

This will give you your private key, cut n paste it into a new file priv.txt
openssl req -x509 -key priv.txt -in certreq.txt > cert.txt

4. Go back into IIS and finish off the cert request using cert.txt. Turn on
port 443 for the site...

0
 
SurfingHamsterAuthor Commented:
Thanks for that, but I already found a way of doing it - really easily in fact!

I simply browsed to Microsoft's website and downloaded the IIS Resource Kit for Windows XP and Windows 2003.

There's a selfcert utility included which allows easy creation of keys; it even installs them for you!

I'll award you the points, though, for your efforts! :)
0
 
vukkoCommented:
instead of awarding points, how about posting the URL?
0
[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

 
icesoftwareCommented:
Hi there everybody!

I had the same problem and here is what I found out.

You can download IIS 6.0 Resource Kit Tools from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

Just create a virtual site (or use one that you already have) setting it up for SSL. Basicly, you have to set the SSL Port to 443 in the mmc that manage IIS 6.0 and then go to the Directory Security tab and enable the use of the SSL channel (I advice to require 1024 bits encryption).
At this point you if you installe the IIS 6.0 resource kit, you should have a new menu entry called IIS resources (in your start menu->Programs). You need to use a tool called: IIS Metabase Explorer. Go to LM->W3SVC and select the items on the left (especially those with big numbers) to see on the right a description of them and find your virtual site. The big number is the ID of the site (if you instead wants to use the default site the ID is always 1). At this point, suppose the site has ID=1088768498 you have to issue:

SelfSSL /N:CN=yoursite.yourdomain.com /V:365 /S:1088768498

where:

/N:CN is the name of your site on the internet (or LAN)
/V: sets the number of days before the new certify expires
/S: is the ID we found

That's it the site is now operative and ready to go.

Hope this helps!

ACL
0
 
daluuCommented:
FYI: some additional info

Accordingly, SelfSSL supposedly only works for Win XP and 2003. Is that true?

Anyhow, if that's true, then for Win 2000, there may be another similar alternative though I haven't tested it out myself. Took a bit of searching though.

For win 2000 you'd want SSL Diagnostics from MS.
Get it at
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en

info about how to use it at
http://www.microsoft.com/technet/community/columns/insider/iisi0304.mspx#EBCAA
0
 
JacquestheronCommented:
Is it true that with SelfSSL you can only create one self signed cert per web server?  This seems to be the case with our webserver. I created six cert's and only the last one that was created would work.  Does anyone know how to get around this to create self signed certificates for multiple SSL sites on one web server?

Jacques
0
 
daluuCommented:
Well, I believe there's also OpenSSL. There is probably a windows version or if not, you can use the Cygwin version to run on Windows. It's not as simple as using the MS/IIS SSL tools but it gives you a lot more options.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now