|
Home > Archive > IIS Server Security > August 2005 > MakeCert, SSL and IIS6 problems.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
MakeCert, SSL and IIS6 problems.
|
|
|
| I have created 3 certificates with following commands:
makecert -sk myselfkey -pe -r -n "CN=mycomputer authority" myself.cer -ss
root -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy
12
makecert -sk myserverkey -pe -n "CN=mycomputer server" my_server.cer -ic
myself.cer -is root -ss my -sky exchange -sp "Microsoft RSA SChannel
Cryptographic Provider" -sy 12
The first one is self signing certificate, second one is for IIS server
certificate, and third one for IE client certificate. After I moved them
around in the certificate stores, here is how they looked:
1) The first certificate (self signing) is located in "Trusted Root
Certification Authorities" in "Certificates (Local Computer)".
2) The second certificate (server) is located in "Personal" in "Certificates
(Local Computer)". This has the private key with it. The public part of the
certificate is stored in "Personal" in "Certificates (Current User)".
Using the IIS manager admin tool, I assigned the second (server) certificate
to the default web site on my machine. I created a virtual directory with a
simple html page. I made sure that this virtual directory and the simple
html page work without configuring SSL using http in the url. Then I
modified the File Security settings of the simple html page to require SSL.
However the page fails to load with "https" in the url. The information
shown on the browser is vague. However when I switch to another certificate
from third party, it works fine.
When I used the certificate from makecert, I was not able to see the SSL
request in IIS log either.
Is some thing wrong with the way I used makecert tool? Any help is greatly
appreciated.
Thanks.
Raghu/..
| |
| David Wang [Msft] 2005-08-22, 5:59 pm |
| Use SelfSSL to determine what is wrong with your certificate.
http://www.microsoft.com/downloads/...&DisplayLang=en
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Raghu" <Raghu@Nospam.com> wrote in message
news:ei%232Xq0pFHA.3812@TK2MSFTNGP10.phx.gbl...
I have created 3 certificates with following commands:
makecert -sk myselfkey -pe -r -n "CN=mycomputer authority" myself.cer -ss
root -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy
12
makecert -sk myserverkey -pe -n "CN=mycomputer server" my_server.cer -ic
myself.cer -is root -ss my -sky exchange -sp "Microsoft RSA SChannel
Cryptographic Provider" -sy 12
The first one is self signing certificate, second one is for IIS server
certificate, and third one for IE client certificate. After I moved them
around in the certificate stores, here is how they looked:
1) The first certificate (self signing) is located in "Trusted Root
Certification Authorities" in "Certificates (Local Computer)".
2) The second certificate (server) is located in "Personal" in "Certificates
(Local Computer)". This has the private key with it. The public part of the
certificate is stored in "Personal" in "Certificates (Current User)".
Using the IIS manager admin tool, I assigned the second (server) certificate
to the default web site on my machine. I created a virtual directory with a
simple html page. I made sure that this virtual directory and the simple
html page work without configuring SSL using http in the url. Then I
modified the File Security settings of the simple html page to require SSL.
However the page fails to load with "https" in the url. The information
shown on the browser is vague. However when I switch to another certificate
from third party, it works fine.
When I used the certificate from makecert, I was not able to see the SSL
request in IIS log either.
Is some thing wrong with the way I used makecert tool? Any help is greatly
appreciated.
Thanks.
Raghu/..
| |
|
| David,
Thanks for the information. When I used SSLDiag.exe it showed me following:
#You have a private key that corresponds to this certificate
But when I impersonated the server account, it showed me following:
#WARNING: You have a private key that corresponds to this certificate but
CryptAcquireCertificatePrivateKey failed
How can I correct this problem?
Thanks.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:uK$Q$W1pFHA.3536@TK2MSFTNGP15.phx.gbl...
> Use SelfSSL to determine what is wrong with your certificate.
>
> http://www.microsoft.com/downloads/...&DisplayLang=en
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Raghu" <Raghu@Nospam.com> wrote in message
> news:ei%232Xq0pFHA.3812@TK2MSFTNGP10.phx.gbl...
> I have created 3 certificates with following commands:
>
> makecert -sk myselfkey -pe -r -n "CN=mycomputer authority" myself.cer -ss
> root -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy
> 12
>
> makecert -sk myserverkey -pe -n "CN=mycomputer server" my_server.cer -ic
> myself.cer -is root -ss my -sky exchange -sp "Microsoft RSA SChannel
> Cryptographic Provider" -sy 12
>
> The first one is self signing certificate, second one is for IIS server
> certificate, and third one for IE client certificate. After I moved them
> around in the certificate stores, here is how they looked:
>
> 1) The first certificate (self signing) is located in "Trusted Root
> certification Authorities" in "Certificates (Local Computer)".
>
> 2) The second certificate (server) is located in "Personal" in
> "Certificates
> (Local Computer)". This has the private key with it. The public part of
> the
> certificate is stored in "Personal" in "Certificates (Current User)".
>
> Using the IIS manager admin tool, I assigned the second (server)
> certificate
> to the default web site on my machine. I created a virtual directory with
> a
> simple html page. I made sure that this virtual directory and the simple
> html page work without configuring SSL using http in the url. Then I
> modified the File Security settings of the simple html page to require
> SSL.
> However the page fails to load with "https" in the url. The information
> shown on the browser is vague. However when I switch to another
> certificate
> from third party, it works fine.
>
> When I used the certificate from makecert, I was not able to see the SSL
> request in IIS log either.
>
> Is some thing wrong with the way I used makecert tool? Any help is greatly
> appreciated.
>
> Thanks.
> Raghu/..
>
>
>
|
|
|
|
|