|
Home > Archive > IIS Server Security > March 2004 > SSL Certificate used for two redundant web servers...
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SSL Certificate used for two redundant web servers...
|
|
|
| I am currently running Windows 2000 server as my web servers.
I have a security certificate from verisign which is currently installed on my primary web server.
I have a second web server that is identical to the primary which is used when my primary server goes off line.
I followed the instructions of article 313299. Which shows how to copy the SSL certificate to the second server.
When I get to the step of assigning the imported certificate to the web site in IIS, no certificates show as available.
Any Ideas why? Or better, what makes a certificate available to be assigned to a site in IIS? Thanks for any assitance!
| |
| Bernard 2004-03-30, 4:34 am |
| This kb is essentially the same, but you can try again
HOW TO: Back Up a Server Certificate in Internet Information Services 5.0
http://support.microsoft.com/?id=232136
How to Import a Server Certificate for Use in Internet Information Services
5.0
http://support.microsoft.com/?id=232137
before you assign go to cert mmc, to see if the cert
install in local computer\personal folder.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Mike" <anonymous@discussions.microsoft.com> wrote in message
news:B074EFDB-99AC-414B-9460-D4391A590CA6@microsoft.com...
> I am currently running Windows 2000 server as my web servers.
> I have a security certificate from verisign which is currently installed
on my primary web server.
> I have a second web server that is identical to the primary which is used
when my primary server goes off line.
> I followed the instructions of article 313299. Which shows how to copy the
SSL certificate to the second server.
> When I get to the step of assigning the imported certificate to the web
site in IIS, no certificates show as available.
>
> Any Ideas why? Or better, what makes a certificate available to be
assigned to a site in IIS? Thanks for any assitance!
| |
|
| The problem is resolved... thanks for the help. Here is what I did to solve the problem!
I found that I was making a mistake and missing one step listed in every knowledge base article.
When adding the MMC snap-in (Certificates) to your MMC it will ask you to chose from one of the following:
-Current User
-Service Account
-Computer Account
When working with IIS and trying to enable SSL you must be managing the computer account.
The computer account is where a certificate goes to certify that the computer is really who it says it is.
The user and service certificates respectivly verifies the users and the services on that server.
When a user tries to connect to your server in SSL they just need to know that your server really is yours and not some elses.
As soon as I imported the certificate into the "Computer Account Certificates", under the personal certifcates folder, IIS was able to see it as a selectable certificate under the assign exisiting certificate section of the certificates wizard.
| |
| Bernard 2004-03-31, 2:36 am |
| Yes, it's must be local computer account \ personal store foldere.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Mike" <anonymous@discussions.microsoft.com> wrote in message
news:CF4AD51B-6079-4C7A-9BAC-F61BC764A870@microsoft.com...
> The problem is resolved... thanks for the help. Here is what I did to
solve the problem!
>
> I found that I was making a mistake and missing one step listed in every
knowledge base article.
>
> When adding the MMC snap-in (Certificates) to your MMC it will ask you to
chose from one of the following:
> -Current User
> -Service Account
> -Computer Account
>
> When working with IIS and trying to enable SSL you must be managing the
computer account.
> The computer account is where a certificate goes to certify that the
computer is really who it says it is.
> The user and service certificates respectivly verifies the users and the
services on that server.
>
> When a user tries to connect to your server in SSL they just need to know
that your server really is yours and not some elses.
>
> As soon as I imported the certificate into the "Computer Account
Certificates", under the personal certifcates folder, IIS was able to see it
as a selectable certificate under the assign exisiting certificate section
of the certificates wizard.
|
|
|
|
|