How to configure SSL on a Windows 2000 Server with IIS 5.0 and Ceritificate Server (not sure what version is running)

Posted on 2006-04-03
Last Modified: 2008-01-09


   I have an IIS Server (version 5.0) running on Server 2000. This server is Natted to a public ip. The public dns I created has the url correctly assigned to the appropriate public ip (DNS Stuff sees it no problem). I currently have two sites running off this setup (with separate natted private to publix ip's), with no problems (not using ssl), however, I am now attempting to set up a site (on its own natted private to public ip) that will require the following:

   SSL with Certificate Server (not sure which version. I cannot find where to find the version of CS [it is installed])

   On my DMZ router I have both port 80 and 443 patted correctly to the appropriate private ip (even with the firewall down the next information given did not work).

   Using the following link:;EN-US;q290625, I setup my site exactly as directed up to "Submit a Certificate Request" (just below step 15).

   When I attempt to connect to my external FQDN/certsrv (url), I get the page cannot be found. According to the instructions from the aforementioned URL, under "Submit a Certificate Request" step 1 requires that you go to http://(in this case I put my external FQDN)/certsrv/. This is as far as I get.

   Any help would be much appreciated.

Question by:supercell29
    LVL 18

    Accepted Solution

    If you want to install and configure the SSL in the window 2000 server then you have use the following steps and help

    How To Configure SSL in a Windows 2000 IIS 5.0 Test Environment by Using Certificate Server 2.0;en-us;290625

    The full help :

    A server certificate is what you'll want to do encrypted traffic over port 443 between IIS and a client's browser.   You can install CA on one of your IIS boxes and make your own certificates, you can get a temporary sample certificate for free from Verisign to test with and play with, or you can
    purchase one from a certification authority such as Verisign or Thwate or such.

    Client certificates are what you might want to issue to select clients if you want to control who can and cannot authenticate to an IIS website. Client certificates give you an alternative to Integrated, Digest, and Basic authentication and can even be mapped to Active Directory accounts.It gives you a method of authentication that works as seamlessly as Integrated authentication but, unlike integrated, will work over multiple router hops.

    Here is a list of some certificate-related KB articles for your reference:

    HOW TO: Set Up an HTTPS Service in IIS

    HOWTO: Set Up SSL Using IIS 5.0 and Certificate Server 2.0

    HOW TO: Configure SSL in a Windows 2000 IIS 5.0 Test Environment by

    Description of the Secure Sockets Layer (SSL) Handshake

    Description of the Server Authentication Process During the SSL

    Description of the Client Authentication Process During the SSL

    HOW TO: Use ASP to Force SSL for Specific Pages

    XCLN: Configuring Exchange OWA to Use SSL

    HOW TO: Obtain a Test Certificate or a Test Client Authentication

    How to Troubleshoot SSL in Internet Information Server 4.0

    HTTP 1.1 Host Headers Are Not Supported When You Use SSL

    How to Create and Install an SSL Certificate in Internet Information 4.0

    How to Force SSL Encryption for an Outlook Web Access 2000 Client

    Turning On SSL for Exchange 2000 Server Outlook Web Access

    HOW TO: Back Up a Server Certificate in Internet InformationServices 5.0

    How to Import a Server Certificate for Use in Internet InformationServices 5.0

    Certificate Authorities: Using Digital Certificates for Authentication (in IIS 4.0)

    Certificate Revocation Lists (CRL) and IIS 5.0: Common Questions

    How to Use a Certificate for SSL Authentication Within a WebPublishing (ISA 2000)

    How To Renew or Create New Certificate Signing Request While Another(IIS5)

    HOW TO: Export Certificates in Windows 2000

    HOW TO: Install Imported Certificates on a Web Server in Windows 2000

    HOW TO: Request a Certificate by Using the Certificates Snap-In(Win2k)

    HOW TO: Configure Certificate Trust Lists in Internet InformationServer 5.0

    HOW TO: Publish a Certificate Revocation List in Windows 2000

    HOW TO: Manage Certificates in Windows 2000

    HOW TO: Install a Server Certificate After a Pending Request Is

    This step-by-step article describes how to install a server certificate that you have obtained from a certification authority (such as VeriSign orThawte) after you have accidentally deleted a pending request for the certificate in Internet Service Manager.

    HOW TO: Install Imported Certificates on a Web Server in WindowsServer (IIS 6)

    Download details: SSL Diagnostics Version 1.0 (x86)
    Download the Secure Socket Layer (SSL) troubleshooting tool for Internet
    Information Services (IIS).

    SSL Diagnostic Utility Download for IIS - Microsoft Service Providers Web administrators have a new tool for troubleshooting Secure Sockets Layer (SSL) configuration problems on IIS servers. SSL Diagnostics Version 1.0 gives administrators a central place to review metabase configurations,simulate IIS SSL client\server handshakes, and even generate a self-signed certificate with a single click.

    How Secure Sockets Layer Works (Support Article)This article provides an overview of how Secure Sockets Layer (SSL) works.;EN-US;q245152

    Client Certificates:  Mapping, Revocation, etc…

    232165 Enabling Certificate Revocation Checking in Internet Information
    Server 4.0

    248058 Error Message: HTTP 403.13 Forbidden: Client Certificate Revoked

    313070 HOW TO: Configure Client Certificate Mappings in Internet Information

    272175 HOW TO: Configure Active Directory Certificate Mapping (IIS5)

    216906 Comparing IIS 5.0 Certificate Mapping and Native Windows 2000
    LVL 18

    Expert Comment

    by:Sam Panwar
    I think these all useful links and its will help in future

    Author Comment

    Thank you very much!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Article by: kevp75
    Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
    When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now