How to configure SSL on a Windows 2000 Server with IIS 5.0 and Ceritificate Server (not sure what version is running)



   I have an IIS Server (version 5.0) running on Server 2000. This server is Natted to a public ip. The public dns I created has the url correctly assigned to the appropriate public ip (DNS Stuff sees it no problem). I currently have two sites running off this setup (with separate natted private to publix ip's), with no problems (not using ssl), however, I am now attempting to set up a site (on its own natted private to public ip) that will require the following:

   SSL with Certificate Server (not sure which version. I cannot find where to find the version of CS [it is installed])

   On my DMZ router I have both port 80 and 443 patted correctly to the appropriate private ip (even with the firewall down the next information given did not work).

   Using the following link:;EN-US;q290625, I setup my site exactly as directed up to "Submit a Certificate Request" (just below step 15).

   When I attempt to connect to my external FQDN/certsrv (url), I get the page cannot be found. According to the instructions from the aforementioned URL, under "Submit a Certificate Request" step 1 requires that you go to http://(in this case I put my external FQDN)/certsrv/. This is as far as I get.

   Any help would be much appreciated.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sam PanwarSr. Server AdministratorCommented:
If you want to install and configure the SSL in the window 2000 server then you have use the following steps and help

How To Configure SSL in a Windows 2000 IIS 5.0 Test Environment by Using Certificate Server 2.0;en-us;290625

The full help :

A server certificate is what you'll want to do encrypted traffic over port 443 between IIS and a client's browser.   You can install CA on one of your IIS boxes and make your own certificates, you can get a temporary sample certificate for free from Verisign to test with and play with, or you can
purchase one from a certification authority such as Verisign or Thwate or such.

Client certificates are what you might want to issue to select clients if you want to control who can and cannot authenticate to an IIS website. Client certificates give you an alternative to Integrated, Digest, and Basic authentication and can even be mapped to Active Directory accounts.It gives you a method of authentication that works as seamlessly as Integrated authentication but, unlike integrated, will work over multiple router hops.

Here is a list of some certificate-related KB articles for your reference:

HOW TO: Set Up an HTTPS Service in IIS

HOWTO: Set Up SSL Using IIS 5.0 and Certificate Server 2.0

HOW TO: Configure SSL in a Windows 2000 IIS 5.0 Test Environment by

Description of the Secure Sockets Layer (SSL) Handshake

Description of the Server Authentication Process During the SSL

Description of the Client Authentication Process During the SSL

HOW TO: Use ASP to Force SSL for Specific Pages

XCLN: Configuring Exchange OWA to Use SSL

HOW TO: Obtain a Test Certificate or a Test Client Authentication

How to Troubleshoot SSL in Internet Information Server 4.0

HTTP 1.1 Host Headers Are Not Supported When You Use SSL

How to Create and Install an SSL Certificate in Internet Information 4.0

How to Force SSL Encryption for an Outlook Web Access 2000 Client

Turning On SSL for Exchange 2000 Server Outlook Web Access

HOW TO: Back Up a Server Certificate in Internet InformationServices 5.0

How to Import a Server Certificate for Use in Internet InformationServices 5.0

Certificate Authorities: Using Digital Certificates for Authentication (in IIS 4.0)

Certificate Revocation Lists (CRL) and IIS 5.0: Common Questions

How to Use a Certificate for SSL Authentication Within a WebPublishing (ISA 2000)

How To Renew or Create New Certificate Signing Request While Another(IIS5)

HOW TO: Export Certificates in Windows 2000

HOW TO: Install Imported Certificates on a Web Server in Windows 2000

HOW TO: Request a Certificate by Using the Certificates Snap-In(Win2k)

HOW TO: Configure Certificate Trust Lists in Internet InformationServer 5.0

HOW TO: Publish a Certificate Revocation List in Windows 2000

HOW TO: Manage Certificates in Windows 2000

HOW TO: Install a Server Certificate After a Pending Request Is

This step-by-step article describes how to install a server certificate that you have obtained from a certification authority (such as VeriSign orThawte) after you have accidentally deleted a pending request for the certificate in Internet Service Manager.

HOW TO: Install Imported Certificates on a Web Server in WindowsServer (IIS 6)

Download details: SSL Diagnostics Version 1.0 (x86)
Download the Secure Socket Layer (SSL) troubleshooting tool for Internet
Information Services (IIS).

SSL Diagnostic Utility Download for IIS - Microsoft Service Providers Web administrators have a new tool for troubleshooting Secure Sockets Layer (SSL) configuration problems on IIS servers. SSL Diagnostics Version 1.0 gives administrators a central place to review metabase configurations,simulate IIS SSL client\server handshakes, and even generate a self-signed certificate with a single click.

How Secure Sockets Layer Works (Support Article)This article provides an overview of how Secure Sockets Layer (SSL) works.;EN-US;q245152

Client Certificates:  Mapping, Revocation, etc…

232165 Enabling Certificate Revocation Checking in Internet Information
Server 4.0

248058 Error Message: HTTP 403.13 Forbidden: Client Certificate Revoked

313070 HOW TO: Configure Client Certificate Mappings in Internet Information

272175 HOW TO: Configure Active Directory Certificate Mapping (IIS5)

216906 Comparing IIS 5.0 Certificate Mapping and Native Windows 2000

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sam PanwarSr. Server AdministratorCommented:
I think these all useful links and its will help in future
supercell29Author Commented:
Thank you very much!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.