Solved

Windows - create strong certificates

Posted on 2016-08-23
5
94 Views
Last Modified: 2016-10-29
Hi,

WHat is the best way to create strong certificates for IIS servers.  The default values IIS provides is not acceptable.  Or can i use openssl on windows too or is there a better tool?
0
Comment
Question by:Eric Donaldson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 250 total points
ID: 41768256
I guess you mean 2048 or even higher for the bit length of a server certificate?

you can change the value of bit length when creating a certificate signing request using IIS manager.

a good tutorial can be found here.

https://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html
0
 
LVL 28

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 250 total points
ID: 41768331
imo, the best way to create strong certificates is to buy them from a recognized CA.  Locally generated certificates will be an issue if a server is connected to the internet and HTTPS service is required.
0
 

Author Comment

by:Eric Donaldson
ID: 41768528
This is just a test website and is not connected externally right now
0
 
LVL 37

Assisted Solution

by:bbao
bbao earned 250 total points
ID: 41768604
as the title suggested "Windows - create strong certificates", i guess the author intended to create certificates using a Windows based CA server.

does the suggestion above work for you?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41769242
Why do you say they're not strong enough?  Note that you can't get the current commercial certificates without a public domain name to go with them.  I'mnot even sure how you can test them on the LAN without an internet connection.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question