Re: Obtaining an SSL (test) certificate

From: Michel Gallant (neutron_at_nspxistar.ca)
Date: 10/02/03

  • Next message: Vishal Agarwal[MSFT]: "Re: Problem calling CryptSignHash for certificate open in worker thread." 
    Date: Thu, 2 Oct 2003 12:29:37 -0400

    Typical "client certificates" which can be used for client authentication
    to IIS servers are usually installed automatically by a client script/control
    that generates the public/private RSA keypair. The certs can be used for
    signing/encryption email for S/MIME, for client authentication to SSL servers
    plus other uses.
    You can generate your own certificate for this purpose automatically using
    makecert.exe ... installation has nothing to do with the IIS server.

    In fact you can have several client certificates (typically in CU MY store).
    When IIS is configured to require client authentication, client will be presented
    with a "choose one of your certs to present to server".

    See also:
       http://support.microsoft.com/default.aspx?scid=kb;en-us;315588

     - Michel Gallant
        MVP Security

    "Thomas Nielsen [AM Production A/S]" <jack_pot_dk@h0tmail.com> wrote in message
    news:OPPI0eOiDHA.604@TK2MSFTNGP10.phx.gbl...
    > Dear all,
    >
    > I'm working on a client that needs to communicate securely with a server
    > over SSL. The server needs to be able to authenticate me, so I need to be
    > able to present it with a certificate from a root CA - And not just with any
    > certificate I've issued myself.
    >
    > I've been informed that a Verisign test certificate will work fine, but I'm
    > unsure how to actually obtain + install this into my Windows certificate
    > store.
    > I know how this works with IIS (generate CSR, request certificate, import
    > into IIS), but how do you do this when your certificate is not for IIS?.
    > Could the same procedure be used? (Generate CSR from IIS, request
    > certificate, manually import certificate into "Certificates (Local
    > Computer)/personal/certificates", os should this be handled differently?
    >
    > Thanks,
    >
    > /Thomas
    >
    >

  • Next message: Vishal Agarwal[MSFT]: "Re: Problem calling CryptSignHash for certificate open in worker thread."

    Relevant Pages

    • RE: 401.2 Errors
      ... the server name as their proxy server, ... really understand the point in deploying the Firewall Client to all clients. ... I had a look at the log file but it only seems to be ... recording access that the IIS Server itself goes through. ...
      (microsoft.public.windows.server.sbs)
    • Re: security header is not present in the incoming message
      ... Similar problem appears when I run my client directly under IIS instead of under ASP.NET Development Server. ... There are no certificates in the certificate store that match the find value of 'CN=WSE2QuickStartServer'. ... 'Hello World with certificate policy. ...
      (microsoft.public.dotnet.security)
    • Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
      ... SSL only validates you are talking to a SSL certified server; ... They can simply edit the URL the client program ... can be done by using a X.509 certificate on both ends, ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: LDP client authentication fails
      ... I got the LDP working with LDAP server under server client authentication ... I did not installed the certificate in pfx format .. ... Client cert auth won't work without that. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Connect Computer Problem at 2 Customer Sites
      ... I understand this issue to be: the client ... please restart the IIS service. ... join the domain has got the valid IP address and DNS server address in the ... Microsoft Online Newsgroup Support ...
      (microsoft.public.windows.server.sbs)