Re: IIS 5.1 SSL Cetificate Missing

PS

If you want to see what, if any, cert, IIS is currently configured to use, then follow the steps here:
http://www.adopenstatic.com/cs/blogs/ken/archive/2007/05/12/5050.aspx

Cheers
Ken

"Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote in message news:%23$i3BZsZIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
a) To view certs that IIS can use you need to manually run MMC, add the Certificates snapin, point it to the Machine account, and then look in the Personal Certificate Store. By default, if you use the Certificates MMC Admin tool that is in the Administrative Tools folder, it looks in your *personal* store (i.e. for your user account) not for the machine account

b) XP can generate certs itself. Just use a tool that creates self-signed certificates (SelfSSL, OpenSSL etc). But I don't think this is what you want to do.

c) You say you have a CA handy already. If you want a certificate from that CA, then there's no need to join a domain and auto-enroll. Run through the wizard in IIS to create a certificate request (CSR) file, or generate your own using certreq.exe. Then, submit that CSR to your CA (http://servername/certsrv if you have the Certificate Services website installed on the CA, or use the Certification Authority MMC Snapin). After issueing your cert, install it onto the IIS website on your XP box.

None of this really has anything to do with IIS per se. it's all provided by the underlying certificate management infrastructure in the OS. You just need to know a little how PKI and the certificate stuff works, and then it all becomes much easier to make this all work.

Cheers
Ken


"Ming Dragon" <Ming Dragon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:66A6AF2D-C93B-431B-B2D5-F4747F43F6B7@xxxxxxxxxxxxxxxx
I recently did a system restore to recover from a driver installation
catastrophic failure for my ATi video. (System Restore is a real MONSTER in a
closet) In this process I ended up without an SSL Server Certificate for IIS
5.1. It installed fine when I built the machine and served its purpose for
quite some time. What's so peculiar is that I can't find it in the stores or
anything. My personal encrypting file cert is there and that's it. I don't
want to join a domain to get a cert. I failed to generate a new cert using
every scheme I can come up with.
How do I generate a cert for my server, please. (Don't let it be the
dreaded uninstall and reinstall dance please, please, please...) I have a
Root Cert Auth in the closet and the Subordinate Cert right next to this
machine, and I know how easy it would be to just join and autoenroll, but I
should be able to generate a cert somehow on XP Pro, shouldn't I ? Can't it
do even that piddly little thing ? I would think that to be shamefull that XP
Pro can't generate a vald self cert somehow. I don't really have any
experience with this stuff. But, all the buttons are greyed out in the
security tab for the website except the one that generates a text file or
request for certificate. All the behaviors I expect don't happen.


.

Quantcast