Password Max SSL
4 posts
• Page 1 of 1
Password Max SSL
by richg50 » Fri Oct 01, 2010 2:17 pm
I am in the process of setting up the Web Server and I’m not exactly sure how to request the SSL cert. So my first question is can I use Microsoft Active Directory Certificate Services and if so what template/ key options/ request format do I use.
- richg50
- New user
- Posts: 1
- Joined: Fri Oct 01, 2010 2:03 pm
Extracting an existing certificate from IIS 6
by Vince Sorensen » Sat Oct 02, 2010 8:24 am
If you have an existing secure web site (i.e. one using a certificate) running on IIS 6 then you can extract it using the following steps;
Part 1
Right-Click on My Computer, Manage
Services & Applications
IIS
Highlight the website in question
Right-Click, Properties
Directory Security tab
Server Certificate button, this brings up a wizard.
Walk through the wizard to Export the current certificate to a .pfx file. (For the password use something simple to remember.)
Save the PFX file to a temporary folder.
Part 2
Copy the OpenSSL.exe, Msvcr71.dll, Ssleay32.dll, Libssl32.dll and Libeay32.dll files into the same temp folder.
(You'll find these files in the \\clarion3\\3rdparty\\bin folder)
Part 3
Open a command prompt window, go to the temp folder
type
openssl pkcs12 -in whatever.pfx -info -out whatever.pem -nodes
openssl pkcs12 -in whatever.pfx -clcerts -nokeys -out whatever.crt
openssl pkcs12 -in whatever.pfx -nocerts -out whatever.key
Part 4
Copy the pem, crt and key files to your \\certificates folder
Delete all the files in the temp directory
Part 1
Right-Click on My Computer, Manage
Services & Applications
IIS
Highlight the website in question
Right-Click, Properties
Directory Security tab
Server Certificate button, this brings up a wizard.
Walk through the wizard to Export the current certificate to a .pfx file. (For the password use something simple to remember.)
Save the PFX file to a temporary folder.
Part 2
Copy the OpenSSL.exe, Msvcr71.dll, Ssleay32.dll, Libssl32.dll and Libeay32.dll files into the same temp folder.
(You'll find these files in the \\clarion3\\3rdparty\\bin folder)
Part 3
Open a command prompt window, go to the temp folder
type
openssl pkcs12 -in whatever.pfx -info -out whatever.pem -nodes
openssl pkcs12 -in whatever.pfx -clcerts -nokeys -out whatever.crt
openssl pkcs12 -in whatever.pfx -nocerts -out whatever.key
Part 4
Copy the pem, crt and key files to your \\certificates folder
Delete all the files in the temp directory
- Vince Sorensen
- Site Admin
- Posts: 578
- Joined: Mon Feb 07, 2005 8:42 pm
Public web site need to have certificate signed by authority
by Vince Sorensen » Sat Oct 02, 2010 8:30 am
If you are creating a public web site you need to have your certificate signed by a Trusted Certificate Authority.
This process usually takes a day or two as the CA is supposed to verify that you are who you claim to be.
There are several authorities you can use.
a. www.verisign.com the biggest, but not surprisingly also the most expensive.
b. www.thwate.com is the next biggest, is owned by Verisign, and is quite a bit cheaper.
c. Another popular one is www.godaddy.com which is cheaper still.
All three follow a similar process.
1. You create a Certificate Signing Request,
a. Install OPENSSL.
b. Create Private Key (no password): openssl genrsa -out .\\YourCARoot\\private\\MyRequest.key -rand .\\YourCARoot\\private\\YourRandom.rnd 2048
c. Create Certificate using Private Key: openssl req -new -days 3650 -key .\\YourCARoot\\private\\MyRequest.key -out .\\YourCARoot\\certs\\MyRequestCSR.crt -config .\\YourCARoot\\config\\OpenSSL.conf
d. Copy and paste the contents of .\\YourCARoot\\certs\\MyRequestCSR.crt
2. They take your money, and sign your CSR,
3. They give you back a Certificate which,
4. You put into a CRT file.
This process usually takes a day or two as the CA is supposed to verify that you are who you claim to be.
There are several authorities you can use.
a. www.verisign.com the biggest, but not surprisingly also the most expensive.
b. www.thwate.com is the next biggest, is owned by Verisign, and is quite a bit cheaper.
c. Another popular one is www.godaddy.com which is cheaper still.
All three follow a similar process.
1. You create a Certificate Signing Request,
a. Install OPENSSL.
b. Create Private Key (no password): openssl genrsa -out .\\YourCARoot\\private\\MyRequest.key -rand .\\YourCARoot\\private\\YourRandom.rnd 2048
c. Create Certificate using Private Key: openssl req -new -days 3650 -key .\\YourCARoot\\private\\MyRequest.key -out .\\YourCARoot\\certs\\MyRequestCSR.crt -config .\\YourCARoot\\config\\OpenSSL.conf
d. Copy and paste the contents of .\\YourCARoot\\certs\\MyRequestCSR.crt
2. They take your money, and sign your CSR,
3. They give you back a Certificate which,
4. You put into a CRT file.
- Vince Sorensen
- Site Admin
- Posts: 578
- Joined: Mon Feb 07, 2005 8:42 pm
by Alan_T » Sat Oct 02, 2010 8:34 am
I got a certificate from RapidSSL which I installed on IIS 6.
Then I used the information above to extract to a PFX file, and then ran the OpenSSL.exe to convert this to a PEM file.
And finally used notepad on the PEM file to split up into the CRT and the KEY file.
Then I used the information above to extract to a PFX file, and then ran the OpenSSL.exe to convert this to a PEM file.
And finally used notepad on the PEM file to split up into the CRT and the KEY file.
- Alan_T
- New user
- Posts: 1
- Joined: Sat Oct 02, 2010 8:33 am
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests