Password Max SSL

User community discussion group for Passwords Max

Post by richg50 » Fri Oct 01, 2010 2:17 pm

I am in the process of setting up the Web Server and I’m not exactly sure how to request the SSL cert. So my first question is: can I use Microsoft Active Directory Certificate Services, and if so, what template / key options / request format do I use?
richg50
New user
 
Posts: 1
Joined: Fri Oct 01, 2010 2:03 pm

Extracting an existing certificate from IIS 6

Post by AuthorDirect » Sat Oct 02, 2010 8:24 am

If you have an existing secure web site (i.e. one using a certificate) running on IIS 6 then you can extract it using the following steps:

Part 1
Right-Click on My Computer, Manage
Services & Applications
IIS
Highlight the website in question
Right-Click, Properties
Directory Security tab
Server Certificate button, this brings up a wizard.
Walk through the wizard to Export the current certificate to a .pfx file. (For the password use something simple to remember.)
Save the PFX file to a temporary folder.
Part 2
Copy the OpenSSL.exe, Msvcr71.dll, Ssleay32.dll, Libssl32.dll and Libeay32.dll files into the same temp folder.
(You'll find these files in the \clarion3\3rdparty\bin folder)
Part 3
Open a command prompt window, go to the temp folder
Type:
openssl pkcs12 -in whatever.pfx -info -out whatever.pem -nodes
openssl pkcs12 -in whatever.pfx -clcerts -nokeys -out whatever.crt
openssl pkcs12 -in whatever.pfx -nocerts -out whatever.key
Part 4

Copy the pem, crt and key files to your \certificates folder
Delete all the files in the temp directory
AuthorDirect
Site Admin
 
Posts: 588
Joined: Mon Feb 07, 2005 8:42 pm

Public web sites need to have a certificate signed by an authority

Post by AuthorDirect » Sat Oct 02, 2010 8:30 am

If you are creating a public web site you need to have your certificate signed by a Trusted Certificate Authority.

This process usually takes a day or two as the CA is supposed to verify that you are who you claim to be.

There are several authorities you can use.

a. www.verisign.com is the biggest, but not surprisingly also the most expensive.

b. www.thawte.com is the next biggest, is owned by Verisign, and is quite a bit cheaper.

c. Another popular one is www.godaddy.com which is cheaper still.


All three follow a similar process.

1. You create a Certificate Signing Request,

a. Install OPENSSL.
b. Create Private Key (no password): openssl genrsa -out .\YourCARoot\private\MyRequest.key -rand .\YourCARoot\private\YourRandom.rnd 2048
c. Create Certificate using Private Key: openssl req -new -days 3650 -key .\YourCARoot\private\MyRequest.key -out .\YourCARoot\certs\MyRequestCSR.crt -config .\YourCARoot\config\OpenSSL.conf
d. Copy and paste the contents of .\YourCARoot\certs\MyRequestCSR.crt


2. They take your money, and sign your CSR,

3. They give you back a Certificate which,

4. You put into a CRT file.
AuthorDirect
Site Admin
 
Posts: 588
Joined: Mon Feb 07, 2005 8:42 pm

Post by Alan_T » Sat Oct 02, 2010 8:34 am

I got a certificate from RapidSSL which I installed on IIS 6.

Then I used the information above to extract to a PFX file, and then ran the OpenSSL.exe to convert this to a PEM file.

And finally used notepad on the PEM file to split up into the CRT and the KEY file.
Alan_T
New user
 
Posts: 1
Joined: Sat Oct 02, 2010 8:33 am
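
The split of the exported PEM file into a CRT and a KEY file, described in Part 3 of the extraction steps and in the post above, as an added example that is not part of the original thread. It reports a private key that is stored unencrypted (which is what -nodes produces) and writes the key file with owner-only permissions; the function names and the sample bundle are constructed for illustration.

```python
import os
import re
import tempfile

# One PEM block; text between blocks ("Bag Attributes", "subject=") is skipped.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample shaped like pkcs12 -info -nodes output; bodies are placeholders.
SAMPLE = """Bag Attributes
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
Bag Attributes
subject=/CN=www.example.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
"""

def split_bundle(pem_text):
    """Return (certs, keys, warnings) for the text of a PEM bundle."""
    certs, keys, warnings = [], [], []
    for m in PEM_BLOCK.finditer(pem_text):
        label, body, block = m.group(1), m.group(2), m.group(0) + "\n"
        if label == "CERTIFICATE":
            certs.append(block)
        elif label.endswith("PRIVATE KEY"):
            # Legacy encryption keeps e.g. "RSA PRIVATE KEY" and adds a Proc-Type header.
            encrypted = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body
            if not encrypted:
                warnings.append(f"{label} is stored unencrypted")
            keys.append(block)
    if len(keys) != 1:
        warnings.append(f"expected exactly one private key, found {len(keys)}")
    return certs, keys, warnings

def write_private(path, text):
    """Create path with owner-only mode; fail rather than overwrite a file."""
    # The mode bits only restrict access on POSIX; on Windows use an NTFS ACL.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)

if __name__ == "__main__":
    certs, keys, warnings = split_bundle(SAMPLE)
    write_private(os.path.join(tempfile.mkdtemp(), "whatever.key"), "".join(keys))
    print(len(certs), "certificate(s);", warnings)
```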

