RE: How to get certificate made with makecert to work with IIS
From: Karl Westerholm [MS] (karlwestonline@microsoft.com)
Date: 07/19/02
- Next message: Wade A. Hilmo [MS]: "IIS 6.0 TechNet Chat Followup"
- Previous message: Susan Hayden [MS]: "RE: Problem w/ Integrated Windows Authentication"
- In reply to: TP: "How to get certificate made with makecert to work with IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: karlwestonline@microsoft.com (Karl Westerholm [MS]) Date: Fri, 19 Jul 2002 01:13:47 GMT
Greetings,
Generating a web server certificate with 'makecert.exe' can be a very
tricky business. While it certainly can be done, there are enough switches
that need to be set perfectly & other potential 'gotchas' that using
makecert.exe *may* end up being more trouble then it is worth given an even
easier method to issue certificates included for free with Windows 2000
Server: Certificate Server 2.0.
If you do not have a copy of W2K/Server (or do not have the time to set
it up right now) you can visit the following Microsoft Web site where you
can access a test Cert Server: http://sectest.rte.microsoft.com [This KB
also gives more information on how to go about setting up IIS5 with a Cert
Server 2.0-issued server cert:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q299525 ]
Having said all that, let me throw out a link to the info page for
makecert.exe, as well as a sample command-line that I think should allow
you to create a web server certificate:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/se
curity/makecert.asp
This makecert command-line should work:
makecert -pe -n CN=mymachine -ss MY -sr localMachine -a sha1 -sky exchange
-eku 1.3.6.1.5.5.7.3.1 -in "TestCA" -is MY -ir LocalMachine -sp "Microsoft
RSA SChannel Cryptographic Provider" -sy 12 mymachine.cer
Regards,
-->Karl
“Please do not send email directly to this alias. This is our online
account name for newsgroup participation only.”
This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.
--------------------
| From: "TP" <teemu.piiroinen@pp.inet.fi>
| Subject: How to get certificate made with makecert to work with IIS
| Date: Fri, 19 Jul 2002 00:38:15 +0300
| Lines: 16
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
| Message-ID: <OyZKzMqLCHA.2200@tkmsftngp11>
| Newsgroups: microsoft.public.inetserver.iis.security
| NNTP-Posting-Host: 80.222.66.231
| Path: cpmsftngxa08!cpmsftngxa10!tkmsftngp01!tkmsftngp11
| Xref: cpmsftngxa08 microsoft.public.inetserver.iis.security:8537
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Hi
|
| I made a test certificate with makecert.exe program that came
| with .NET framework. I didn't give any additional properties
| (makecert.exe C:\testcert.cer). Then I added sertificate using MMC
| and used Internet Services Manager to make that certificate
| as IIS's certificate. There wasn't any errors and everything
| seemed to go well. But when I tried to open a page with https
| I just got message that page could not be found. Using http
| page worked just fine. I have checked that port for ssl is set right,
| and I have also checked that port is listening with netstat.
|
| Thanks..
|
|
|
|
- Next message: Wade A. Hilmo [MS]: "IIS 6.0 TechNet Chat Followup"
- Previous message: Susan Hayden [MS]: "RE: Problem w/ Integrated Windows Authentication"
- In reply to: TP: "How to get certificate made with makecert to work with IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
