Rossamino

How to use 2048 bit, SHA256 certificate with Win Server 2008 R2 and IIS 7.5

We've got a Windows Server 2008 R2 Datacenter machine running as an EC2 instance at Amazon.  We've always used and still use the IIS Certificates Manager to generate our certificates as SHA-1 2048bit.  Recently we've had a client ask us to install an SHA256bit 2048 key.  Well, IIS Cert Mgr doesn't do SHA256 so I've used OpenSSL-Win64 to produce a couple of files with this command:

openssl req -nodes -sha256 -newkey rsa:2048 -keyout C:\SSL\mysite2015-09-29_private.key -out C:\SSL\mysite2015-09-29.csr

Which produces two files:

mysite2015-09-29_private.key
mysite2015-09-29.csr

When opened in Notepad++ the files begin and end with -----BEGIN PRIVATE KEY----- / -----END PRIVATE KEY----- and -----BEGIN CERTIFICATE REQUEST----- / -----END CERTIFICATE REQUEST----- respectively.

I have forwarded the .CSR file on to the client for them to register the thing with their favorite certificate authority.  I have no idea what to do next.

Do I need to somehow install the private.key into Certificate Manager?  There are a million different formats, it seems; do I need to use a different format, and how would I go about changing the format?  Also, because we'll be using a load balancer at some point, I'll be needing the private key in .PEM format.  How do I do that conversion?  Do I need to install some sort of SSL handler to deal with the SHA256, or can IIS7.5 do that?  If so, what does that mean for the other 8 certs we've already got installed?
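
Added example, not part of the original post or of the answer that follows: a shell sketch of the steps the question asks about, checking that the CSR is SHA-256 signed, confirming that a certificate matches the private key, and bundling both into a PKCS#12 (.pfx) file for import on the Windows server. The function names, the mysite.example subject, the password and the self-signed certificate standing in for the CA's reply are assumptions.

```shell
#!/bin/sh
# Added example. File names, subject and password are constructed placeholders.

# Signature algorithm of a CSR ($1=req) or certificate ($1=x509) stored in file $2.
sig_alg() {
    openssl "$1" -in "$2" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# SHA-256 of the public key inside a private key (pkey), CSR (req) or cert (x509).
pubkey_hash() {
    case "$1" in
        pkey) openssl pkey -in "$2" -pubout ;;
        *)    openssl "$1" -in "$2" -noout -pubkey ;;
    esac | openssl dgst -sha256 | awk '{print $NF}'
}

# Bundle key $1 and certificate $2 into PKCS#12 file $3 (password $4), the format
# the Windows certificate import takes. Refuses a key/cert pair that differs.
make_pfx() {
    [ "$(pubkey_hash pkey "$1")" = "$(pubkey_hash x509 "$2")" ] ||
        { echo "certificate does not match private key" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
}

# End-to-end run in directory $1. The self-signed certificate stands in for the
# file the certificate authority would return for the CSR.
run_demo() {
    openssl req -nodes -sha256 -newkey rsa:2048 -subj "/CN=mysite.example" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null || return 1
    openssl x509 -req -sha256 -days 30 -in "$1/site.csr" \
        -signkey "$1/site.key" -out "$1/site.crt" 2>/dev/null || return 1
    make_pfx "$1/site.key" "$1/site.crt" "$1/site.pfx" "constructed-demo-password"
}

demo_dir=$(mktemp -d) && run_demo "$demo_dir" &&
    echo "CSR: $(sig_alg req "$demo_dir/site.csr"), cert: $(sig_alg x509 "$demo_dir/site.crt")"
```

A key file that starts with -----BEGIN PRIVATE KEY----- is already PEM encoded, so it needs no conversion for a load balancer that expects PEM. OpenSSL 3.x encrypts PKCS#12 files with AES-256 by default, which older Windows releases may refuse to import; adding `-keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1` to the export selects the older algorithms.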
ASKER CERTIFIED SOLUTION
footech