Solved

Self Signed Certificate in IIS6

Posted on 2003-11-23
7
34,767 Views
Last Modified: 2011-08-18
Does anyone know how to create and install a self-signed secure transaction certificate for IIS6?

I'm running Windows XP Professional and need it in order to add realism the situation of a project I'm designing for a degree.
0
Comment
Question by:SurfingHamster
7 Comments
 
LVL 4

Accepted Solution

by:
af500 earned 125 total points
ID: 9814269
This says for IIS 5.0, but it works for IIS 6.0 as well.

Grab a copy of openssl

Then:
1. Go into IIS - Secured Directory - Server Certificate and request a certificate for your domain. This gives you c:\certreq.txt.

2. Go into mmc.exe and under REQUESTS export the request including private key as
PKCS12. Take off strong encryption. Enter a passphrase twice. This will create c:\yourfile.pfx

3. Run openssl against yourfile.pfx:
openssl pkcs12 -info -in yourfile.pfx -nodes

This will give you your private key, cut n paste it into a new file priv.txt
openssl req -x509 -key priv.txt -in certreq.txt > cert.txt

4. Go back into IIS and finish off the cert request using cert.txt. Turn on
port 443 for the site...

0
 

Author Comment

by:SurfingHamster
ID: 9814610
Thanks for that, but I already found a way of doing it - really easily in fact!

I simply browsed to Microsoft's website and downloaded the IIS Resource Kit for Windows XP and Windows 2003.

There's a selfcert utility included which allows easy creation of keys; it even installs them for you!

I'll award you the points, though, for your efforts! :)
0
 

Expert Comment

by:vukko
ID: 11942066
instead of awarding points, how about posting the URL?
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Expert Comment

by:icesoftware
ID: 11950983
Hi there everybody!

I had the same problem and here is what I found out.

You can download IIS 6.0 Resource Kit Tools from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

Just create a virtual site (or use one that you already have) setting it up for SSL. Basicly, you have to set the SSL Port to 443 in the mmc that manage IIS 6.0 and then go to the Directory Security tab and enable the use of the SSL channel (I advice to require 1024 bits encryption).
At this point you if you installe the IIS 6.0 resource kit, you should have a new menu entry called IIS resources (in your start menu->Programs). You need to use a tool called: IIS Metabase Explorer. Go to LM->W3SVC and select the items on the left (especially those with big numbers) to see on the right a description of them and find your virtual site. The big number is the ID of the site (if you instead wants to use the default site the ID is always 1). At this point, suppose the site has ID=1088768498 you have to issue:

SelfSSL /N:CN=yoursite.yourdomain.com /V:365 /S:1088768498

where:

/N:CN is the name of your site on the internet (or LAN)
/V: sets the number of days before the new certify expires
/S: is the ID we found

That's it the site is now operative and ready to go.

Hope this helps!

ACL
0
 
LVL 4

Expert Comment

by:daluu
ID: 13973284
FYI: some additional info

Accordingly, SelfSSL supposedly only works for Win XP and 2003. Is that true?

Anyhow, if that's true, then for Win 2000, there may be another similar alternative though I haven't tested it out myself. Took a bit of searching though.

For win 2000 you'd want SSL Diagnostics from MS.
Get it at
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en

info about how to use it at
http://www.microsoft.com/technet/community/columns/insider/iisi0304.mspx#EBCAA
0
 

Expert Comment

by:Jacquestheron
ID: 22250415
Is it true that with SelfSSL you can only create one self signed cert per web server?  This seems to be the case with our webserver. I created six cert's and only the last one that was created would work.  Does anyone know how to get around this to create self signed certificates for multiple SSL sites on one web server?

Jacques
0
 
LVL 4

Expert Comment

by:daluu
ID: 22251967
Well, I believe there's also OpenSSL. There is probably a windows version or if not, you can use the Cygwin version to run on Windows. It's not as simple as using the MS/IIS SSL tools but it gives you a lot more options.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Script 12 190
Using Route 53, Record Sets & Health Checks 2 Node Exchange 2016 environment 2 107
Company website 6 44
Customising IE behaviour on certain pages 2 55
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
What You Need to Know when Searching for a Webhost Provider
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question