Re: SSL certificate and IIS problems - HELP!

From: John Banes [MS] (jbanes@online.microsoft.com)
Date: 10/08/02


From: "John Banes [MS]" <jbanes@online.microsoft.com>
Date: Mon, 7 Oct 2002 23:46:43 -0700


Let's see, when you created the certificate request using the IIS
certificate wizard, it produced a text-encoded certificate request message
(CERTIFICATE REQUEST etc) which you sent to the certificate authority guys.
In response, they should have sent you a text-encoded certificate message
(CERTIFICATE etc.), which you pass into the IIS certificate wizard. The
wizard checks to make sure that the private key (created at the same time as
the certificate request) matches the certificate.

From your description, you're trying to pass the certificate REQUEST file
back into IIS. This won't work....

--
Regards,
John Banes
[Microsoft Security Developer]
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Kojak 2002" <scott.tunstall@ntlworld.com> wrote in message
news:QfHm9.894$kU4.107367@newsfep2-gui...
> Sorry if this is not the correct area to post SSL questions, but for some
> reason the Microsoft .iis site is not up.
>
> 3 months ago I used IIS 5 on the Win 2K web server to create a 1024-bit
> certificate request with common name of www.scigw.scot.nhs.uk. I sent the
> CSR to BT Trustwise (in the UK) who processed the CSR and gave me a response
> file, from which I cut the following:
>
> BEGIN CERTIFICATE REQUEST
> -----bla bla---
> END CERTIFICATE REQUEST
>
> I save the cut text in a .TXT file. (BTW renaming file to .CER etc doesn't
> work.)
>
> Now, when I go to the same web server, open the Certificates MMC add-in,
> and try to add the certificate to "personal certificates" all I get is an
> error saying the "response file doesn't match the request!" - what request
> does it mean? How do you find the matching request?
>
> Anyway, I view the certificate on another machine and the common names
> match, the bit length is correct etc.. why is it rejected?
>
> There is only one request shown in the REQUEST directory on the MMC. And
> that looks like the correct one! If it's not the correct one, how do you
> know? Is there a fingerprint that can be used to visually match the CSR and
> response?
>
> Anyway, the response file MUST match the request as no-one else has even
> looked at the server! :)
>
> Can anyone tell me:
> (a) Why the certificate is rejected?
> (b) What to do to fix it? (Revoking it and starting afresh is a bit late)
> (c) If it is possible to transfer the certificate response file to a
> *completely fresh* PC without .pfx files etc?
>
> Please help, it is for a good cause (the British National Health Service)
>
> Can you please cc replies to
> scott[nospam][dot]tunstall[AT]gpass.csa.scot.nhs.uk
>
> Thank you,
> Scott
>
>
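
An added example, not part of the original thread and not Microsoft's code: one way to check, before running the IIS wizard, that a CA response is really a CERTIFICATE (not the request sent back) and carries the same public key as the request, by hashing the SubjectPublicKeyInfo of each. All function names are hypothetical, and the sample request/certificate pair is constructed in code with placeholder key and signature bytes.

```python
import base64, hashlib, re
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
REQUEST_LABELS = ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST")  # IIS writes the "NEW" form

def tlv(buf, pos):
    """Parse one DER element at pos; return (tag, content_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_fingerprint(pem_text):
    """Return (PEM label, SHA-256 hex of SubjectPublicKeyInfo) for the first PEM block."""
    m = PEM_RE.search(pem_text)
    if not m or m.group(1) not in REQUEST_LABELS + ("CERTIFICATE",):
        raise ValueError("no certificate or certificate request found")
    label, der = m.group(1), base64.b64decode("".join(m.group(2).split()))
    _, pos, _ = tlv(der, 0)        # outer SEQUENCE
    _, pos, end = tlv(der, pos)    # tbsCertificate or certificationRequestInfo
    fields = []
    while pos < end:               # collect (tag, raw element) for each field
        tag, _, nxt = tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    # SPKI is field 2 of a request; in a certificate an explicit [0] version shifts it from 5 to 6
    idx = 2 if label in REQUEST_LABELS else (6 if fields[0][0] == 0xA0 else 5)
    return label, hashlib.sha256(fields[idx][1]).hexdigest()

def response_matches_request(request_pem, response_pem):
    """True only if the response is a certificate carrying the request's public key."""
    (rl, rfp), (cl, cfp) = spki_fingerprint(request_pem), spki_fingerprint(response_pem)
    return rl in REQUEST_LABELS and cl == "CERTIFICATE" and rfp == cfp

def enc(tag, *parts):  # minimal DER encoder for the constructed samples (bodies under 256 bytes)
    body = b"".join(parts)
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body

def pem(label, der):
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, base64.b64encode(der).decode(), label)

def sample(key_bytes):  # constructed pair: valid DER structure, placeholder key and signature
    alg = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010101")), enc(0x05))
    spki, sig = enc(0x30, alg, enc(0x03, b"\x00" + key_bytes)), enc(0x03, b"\x00placeholder")
    name = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03"), enc(0x13, b"www.example.test"))))
    dates = enc(0x30, enc(0x17, b"021007000000Z"), enc(0x17, b"031007000000Z"))
    csr = enc(0x30, enc(0x30, enc(0x02, b"\x00"), name, spki, enc(0xA0)), alg, sig)
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x01"), alg, name, dates, name, spki)
    return pem("NEW CERTIFICATE REQUEST", csr), pem("CERTIFICATE", enc(0x30, tbs, alg, sig))
```

Matching fingerprints show only that the certificate was issued for the request's public key; the private key itself stays on the machine that generated the request.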

