
How to configure SSL on a Windows 2000 Server with IIS 5.0 and Certificate Server (not sure what version is running)

Hello.

Setup:

   I have an IIS Server (version 5.0) running on Server 2000. This server is NATed to a public IP. The public DNS I created has the URL correctly assigned to the appropriate public IP (DNS Stuff sees it no problem). I currently have two sites running off this setup (with separate NATed private-to-public IPs), with no problems (not using SSL); however, I am now attempting to set up a site (on its own NATed private-to-public IP) that will require the following:

   SSL with Certificate Server (not sure which version. I cannot find where to find the version of CS [it is installed])

   On my DMZ router I have both ports 80 and 443 PATed correctly to the appropriate private IP (even with the firewall down, the next information given did not work).

   Using the following link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q290625, I set up my site exactly as directed up to "Submit a Certificate Request" (just below step 15).

   When I attempt to connect to my external FQDN/certsrv (URL), I get "the page cannot be found". According to the instructions from the aforementioned URL, under "Submit a Certificate Request", step 1 requires that you go to http://(in this case I put my external FQDN)/certsrv/. This is as far as I get.

   Any help would be much appreciated.

   supercell
Sam Panwar (Sr. Server Administrator) commented:
If you want to install and configure SSL on the Windows 2000 server, then you have to use the following steps and help:

How To Configure SSL in a Windows 2000 IIS 5.0 Test Environment by Using Certificate Server 2.0

http://support.microsoft.com/default.aspx?scid=kb;en-us;290625

The full help:

A server certificate is what you'll want in order to do encrypted traffic over port 443 between IIS and a client's browser. You can install CA on one of your IIS boxes and make your own certificates, you can get a temporary sample certificate for free from Verisign to test with and play with, or you can purchase one from a certification authority such as Verisign or Thawte or such.

Client certificates are what you might want to issue to select clients if you want to control who can and cannot authenticate to an IIS website. Client certificates give you an alternative to Integrated, Digest, and Basic authentication and can even be mapped to Active Directory accounts. It gives you a method of authentication that works as seamlessly as Integrated authentication but, unlike Integrated, will work over multiple router hops.

Here is a list of some certificate-related KB articles for your reference:

HOW TO: Set Up an HTTPS Service in IIS
http://support.microsoft.com/?id=324069

HOWTO: Set Up SSL Using IIS 5.0 and Certificate Server 2.0
http://support.microsoft.com/?id=299525

HOW TO: Configure SSL in a Windows 2000 IIS 5.0 Test Environment by
http://support.microsoft.com/?id=290625

Description of the Secure Sockets Layer (SSL) Handshake
http://support.microsoft.com/?id=257591

Description of the Server Authentication Process During the SSL Handshake
http://support.microsoft.com/?id=257587

Description of the Client Authentication Process During the SSL Handshake
http://support.microsoft.com/?id=257586

HOW TO: Use ASP to Force SSL for Specific Pages
http://support.microsoft.com/?id=239875

XCLN: Configuring Exchange OWA to Use SSL
http://support.microsoft.com/?id=234022

HOW TO: Obtain a Test Certificate or a Test Client Authentication
http://support.microsoft.com/?id=216907

How to Troubleshoot SSL in Internet Information Server 4.0
http://support.microsoft.com/?id=197306

HTTP 1.1 Host Headers Are Not Supported When You Use SSL
http://support.microsoft.com/?id=187504

How to Create and Install an SSL Certificate in Internet Information 4.0
http://support.microsoft.com/?id=228991

How to Force SSL Encryption for an Outlook Web Access 2000 Client
http://support.microsoft.com/?id=279681

Turning On SSL for Exchange 2000 Server Outlook Web Access
http://support.microsoft.com/?id=320291

HOW TO: Back Up a Server Certificate in Internet Information Services 5.0
http://support.microsoft.com/?id=232136

How to Import a Server Certificate for Use in Internet Information Services 5.0
http://support.microsoft.com/?id=232137

Certificate Authorities: Using Digital Certificates for Authentication (in IIS 4.0)
http://support.microsoft.com/?id=246072

Certificate Revocation Lists (CRL) and IIS 5.0: Common Questions
http://support.microsoft.com/?id=289749

How to Use a Certificate for SSL Authentication Within a Web Publishing (ISA 2000)
http://support.microsoft.com/?id=281106

How To Renew or Create New Certificate Signing Request While Another (IIS5)
http://support.microsoft.com/?id=295281

HOW TO: Export Certificates in Windows 2000
http://support.microsoft.com/?id=310114

HOW TO: Install Imported Certificates on a Web Server in Windows 2000
http://support.microsoft.com/?id=310178

HOW TO: Request a Certificate by Using the Certificates Snap-In (Win2k)
http://support.microsoft.com/?id=310389

HOW TO: Configure Certificate Trust Lists in Internet Information Server 5.0
http://support.microsoft.com/?id=313071

HOW TO: Publish a Certificate Revocation List in Windows 2000
http://support.microsoft.com/?id=313281

HOW TO: Manage Certificates in Windows 2000
http://support.microsoft.com/?id=320878

HOW TO: Install a Server Certificate After a Pending Request Is
http://support.microsoft.com/?id=329508

This step-by-step article describes how to install a server certificate that you have obtained from a certification authority (such as VeriSign or Thawte) after you have accidentally deleted a pending request for the certificate in Internet Service Manager.

HOW TO: Install Imported Certificates on a Web Server in Windows Server (IIS 6)
http://support.microsoft.com/?id=816794

Download details: SSL Diagnostics Version 1.0 (x86)
Download the Secure Socket Layer (SSL) troubleshooting tool for Internet Information Services (IIS).
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a1...
83d4-06c814265282&displaylang=en

SSL Diagnostic Utility Download for IIS - Microsoft Service Providers
Web administrators have a new tool for troubleshooting Secure Sockets Layer (SSL) configuration problems on IIS servers. SSL Diagnostics Version 1.0 gives administrators a central place to review metabase configurations, simulate IIS SSL client/server handshakes, and even generate a self-signed certificate with a single click.

http://www.microsoft.com/serviceproviders/downloads/ssl_diag_P133360.asp

How Secure Sockets Layer Works (Support Article)
This article provides an overview of how Secure Sockets Layer (SSL) works.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q245152



Client Certificates:  Mapping, Revocation, etc…

232165 Enabling Certificate Revocation Checking in Internet Information Server 4.0
http://support.microsoft.com/?id=232165

248058 Error Message: HTTP 403.13 Forbidden: Client Certificate Revoked (IIS5)
http://support.microsoft.com/?id=248058

313070 HOW TO: Configure Client Certificate Mappings in Internet Information
http://support.microsoft.com/?id=313070

272175 HOW TO: Configure Active Directory Certificate Mapping (IIS5)
http://support.microsoft.com/?id=272175

216906 Comparing IIS 5.0 Certificate Mapping and Native Windows 2000
http://support.microsoft.com/?id=216906

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsen...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr...
ol/windowsserver2003/proddocs/standard/sec_auth_mappingcertsone.asp
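The server/client certificate distinction described in the answer above, as an added example that is not part of the original thread or the linked KB articles. It uses the OpenSSL command line in place of Certificate Server 2.0 to run a private test CA; the names `Example Test CA`, `www.example.test` and `alice`, and the helper functions `make_pki` and `check_purpose`, are constructed for illustration.

```shell
#!/bin/sh
# Added example: a private test CA issues one server and one client certificate.
# Every name here (Example Test CA, www.example.test, alice) is constructed.

make_pki() {   # make_pki DIR: write CA, server and client keys/certs into DIR
    dir=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # The extended key usage is what separates the two roles.
    printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:www.example.test\n' > "$dir/server.ext"
    printf 'extendedKeyUsage=clientAuth\n' > "$dir/client.ext"

    # 1. Self-signed root, standing in for a CA you run yourself.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Key and CSR per role, then the CA signs each CSR.
    for role in server client; do
        if [ "$role" = server ]; then cn=www.example.test; else cn=alice; fi
        openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=$cn" -keyout "$dir/$role.key" -out "$dir/$role.csr" \
            2>/dev/null || return 1
        openssl x509 -req -in "$dir/$role.csr" -days 30 \
            -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
            -extfile "$dir/$role.ext" -out "$dir/$role.crt" 2>/dev/null || return 1
    done
}

# check_purpose DIR NAME PURPOSE: succeeds only if DIR/NAME.crt chains to the
# CA and is acceptable for PURPOSE (sslserver or sslclient).
check_purpose() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}
```

Both certificates chain to the same CA, yet the server certificate is rejected for `sslclient` and the client certificate for `sslserver`, which is the check a TLS peer applies before accepting either one.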
 
Sam Panwar (Sr. Server Administrator) commented:
I think these are all useful links and they will help in the future.
 
supercell29 (Author) commented:
Thank you very much!