IIS Server Security - SSL with internal CA and public clients

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > January 2004 > SSL with internal CA and public clients





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author SSL with internal CA and public clients
Bobby

2004-01-24, 2:02 am

We have 3 web sites that we have individual verisign ssl
certificates for. We would like to run our own CA server
to cut down costs.

I've setup a test server with an SSL certificate generated
by our internal CA server. Our domain computers can
access the server over SSL fine. External computers
cannot.

I believe this is because the external computers need our
CA server in their approved list or something. What is
the best way to do this without user intervention? Is it
possible to buy a certificate for that 1 server? What can
we do?

Thanks.
Kyle Terns [MSFT]

2004-01-26, 10:35 am

Hi Bobby,

What do you mean when you say external computers cannot access the site
over SSL? Are they getting prompted to trust the site but then can get in
or do they get an error and can't get in at all?

If you are talking about getting prompted to trust the site, then there is
not a way around this other than to purchase a certificate from an already
trusted authority, like VeriSign. Check out the below article for more
information:

297681 Error Message: This Security Certificate Was Issued by a Company that
http://support.microsoft.com/?id=297681

Hope this helps!

Kyle Terns, MCSD
Microsoft Developer Support
Internet Information Server

***********************[QUOTE][color=dar
kred]
account name for newsgroup participation only.<<

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
© 2003 Microsoft Corporation. All rights reserved.
***********************
--------------------
| Content-Class: urn:content-classes:message
| From: "Bobby" <anonymous@discussions.microsoft.com>
| Sender: "Bobby" <anonymous@discussions.microsoft.com>
| Subject: SSL with internal CA and public clients
| Date: Fri, 23 Jan 2004 13:40:12 -0800
| Lines: 16
| Message-ID: <34f101c3e1f9$7b5ffb60$a401280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcPh+XtfZ9F3BGLPRWiQTyXurd54QQ==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.inetserver.iis.security
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.inetserver.iis.security:8915
| NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| We have 3 web sites that we have individual verisign ssl
| certificates for. We would like to run our own CA server
| to cut down costs.
|
| I've setup a test server with an SSL certificate generated
| by our internal CA server. Our domain computers can
| access the server over SSL fine. External computers
| cannot.
|
| I believe this is because the external computers need our
| CA server in their approved list or something. What is
| the best way to do this without user intervention? Is it
| possible to buy a certificate for that 1 server? What can
| we do?
|
| Thanks.
|

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com