Re: MakeCert, SSL and IIS6 problems.

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 08/22/05 

Date: Mon, 22 Aug 2005 12:54:16 -0700

Use SelfSSL to determine what is wrong with your certificate.

http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en 

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Raghu" <Raghu@Nospam.com> wrote in message
news:ei%232Xq0pFHA.3812@TK2MSFTNGP10.phx.gbl...
I have created 3 certificates with following commands:
makecert -sk myselfkey -pe -r -n "CN=mycomputer authority" myself.cer -ss
root -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy
12
makecert -sk myserverkey -pe -n "CN=mycomputer server" my_server.cer -ic
myself.cer -is root -ss my -sky exchange -sp "Microsoft RSA SChannel
Cryptographic Provider" -sy 12
The first one is self signing certificate, second one is for IIS server
certificate, and third one for IE client certificate. After I moved them
around in the certificate stores, here is how they looked:
1) The first certificate (self signing) is located in "Trusted Root
Certification Authorities" in "Certificates (Local Computer)".
2) The second certificate (server) is located in "Personal" in "Certificates
(Local Computer)". This has the private key with it. The public part of the
certificate is stored in "Personal" in "Certificates (Current User)".
Using the IIS manager admin tool, I assigned the second (server) certificate
to the default web site on my machine. I created a virtual directory with a
simple html page. I made sure that this virtual directory and the simple
html page work without configuring SSL using http in the url. Then I
modified the File Security settings of the simple html page to require SSL.
However the page fails to load with "https" in the url. The information
shown on the browser is vague. However when I switch to another certificate
from third party, it works fine.
When I used the certificate from makecert, I was not able to see the SSL
request in IIS log either.
Is some thing wrong with the way I used makecert tool? Any help is greatly
appreciated.
Thanks.
Raghu/..

Relevant Pages

  • Re: Cant get SSL to work locally
    ... SelfSSL just lowers the bar to enabling SSL on IIS (many people mistake ... needing Certificate Server or is just not possible "for free" with IIS). ... does not attempt to address the issue of trust. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Problem processing SSL certificate response.
    ... "Download SSL Diagnostics 1.1 from Microsoft.com and use it to diagnose ... Note that I am able to work around this by requesting/processing a request ... transfering the generated PFX into the certificate store on the IIS machine. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Switching from http to https
    ... the default website with SSL not enabled (using port 443) in the IIS. ... a certificate to the program. ...
    (microsoft.public.inetserver.iis.security)
  • RE: netsh error - 1312
    ... I can issue a cert from the certsrv and make it work but ONLY if I log in as ... "there is no particular SSL certificate that can only be used ... IIS wizard provide a very convenient GUI for us to generate request. ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Cant create web applications
    ... I've managed to re create an autosigned certificate and assigned it to the web application from the IIS 7 manager (it was already created with SSL and has the link with https, I just modified the link to add the cert.), but when I try to access the site, after the certificate warning, I receive a 403-Forbidden error. ...
    (microsoft.public.sharepoint.windowsservices)