[IIS 5] Homemade cert and SSL

For testing purposes I need to install a certificate on a development box. I generated a certificate using instructions found at this site:

http://www.aspnetpro.com/newsletterarticle/2006/10/asp200610mb_l/asp200610mb_l.asp

but I changed the command line slightly because I'm not using localhost nor am I using the machine name, rather I want to use the full, internal domain name:

    makecert -r -pe -n "CN=mysite.dev.mydomain.com" -ss my -sr currentuser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 C:\Temp\mycert.cer

I then followed the instructions of logging on to the dev box, importing the certificate into both the Personal store and the Trusted Root Certification Authorities store, and then going into IIS to assign the certificate to my site.

Here's where I have the problem. When I go into the IIS Certificate Wizard and choose the "Assign an existing certificate" button, on the next page (Available Certificates) I am presented with an empty list. Everything I have read about this process always seems to assume that there will be SOMETHING in the list and never discusses what might cause the list to be empty. I found a total of ONE post from someone who had a similar problem 5 years ago but there was no resolution.

Any ideas? I thought maybe a dotted name was not allowed under CN (because I know NOTHING about this), but I made a new cert with just the machine name, installed it, and I still have an empty list of available certificates.

"Jeff Johnson" <i.get@enough.spam> wrote in message news:%23FUvSubAHHA.4740@TK2MSFTNGP03.phx.gbl...
> For testing purposes I need to install a certificate on a development box.
> I generated a certificate using instructions found at this site:
> http://www.aspnetpro.com/newsletterarticle/2006/10/asp200610mb_l/asp200610mb_l.asp

I skipped over one line of the instructions that had me add the certificate snap-in a second time for the computer account. Importing the certificate under this account solved the problem.

Yes, you have to remember that the service runs as the "computer" and not as "you", thus you need to import the certificates into the "computer's" store and not "your" store.

After all, why should one user be able to access another user's private certificate store? That would destroy the entire security model of certificates - that the private keys are private.

You can also use a tool like SelfSSL from the "IIS Resource Kit Tools" or "IIS Diagnostics Toolkit" (both freely available for download from microsoft.com) to do this task with minimal hassle. You just need to run that one command and voila, you have an SSL-enabled website.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Jeff Johnson wrote:
> "Jeff Johnson" <i.get@enough.spam> wrote in message
> news:%23FUvSubAHHA.4740@TK2MSFTNGP03.phx.gbl...
>
> > For testing purposes I need to install a certificate on a development box.
> > I generated a certificate using instructions found at this site:
> > http://www.aspnetpro.com/newsletterarticle/2006/10/asp200610mb_l/asp200610mb_l.asp
>
> I skipped over one line of the instructions that had me add the certificate
> snap-in a second time for the computer account. Importing the certificate
> under this account solved the problem.
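
A quick way to check the user-store versus computer-store situation discussed in this thread, as an added example that is not part of the original posts. It assumes a Windows host where PowerShell and its Cert: provider are available; the subject is the one from the question, and the InComputerStoreWithKey column is this example's own label.

```powershell
# Added example (not from the thread): show where a certificate for the site
# actually lives and whether its private key came with it.
$subject = 'CN=mysite.dev.mydomain.com'   # subject used in the question

$report = foreach ($location in 'CurrentUser', 'LocalMachine') {
    # "My" is the Personal store; each location has its own separate copy.
    Get-ChildItem -Path "Cert:\$location\My" |
        Where-Object { $_.Subject -eq $subject } |
        Select-Object @{ n = 'Store'; e = { "$location\My" } },
                      Thumbprint,
                      NotAfter,
                      HasPrivateKey,
                      # Heuristic of this example: a server certificate must sit
                      # in the computer's Personal store with its private key.
                      @{ n = 'InComputerStoreWithKey'
                         e = { $location -eq 'LocalMachine' -and $_.HasPrivateKey } }
}

if (-not $report) {
    Write-Output "No certificate with subject '$subject' in either Personal store."
}
elseif (-not ($report | Where-Object { $_.InComputerStoreWithKey })) {
    # The case from the thread: the certificate exists, but only under the
    # logged-on user's account (or without a key), so a service running as
    # the computer cannot use it.
    $report | Format-Table -AutoSize
    Write-Output 'Present, but not in LocalMachine\My with a private key.'
}
else {
    $report | Format-Table -AutoSize
}
```

A certificate that shows up only under CurrentUser\My matches the empty "Available Certificates" list described in the question.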