SelfSSL Utility - Not working?

I just downloaded the SelfSSL for the IIS 6.0 resource kit and ran the following command line:

    selfssl.exe /NCN=MySSL /K:1024 /Vv:7 /S:1 /P:443

I got a message that it was successful; however, when I go in to "Directory Security" for my in IIS, the "View Certificate" is grayed out. I also get a page not found when I try to hit my website using https:// with my IP address since we have not changed the DNS yet.

I am setting this up to A) test to see if it works and B) we are migrating our server and do not want to transfer our current certificate to the new server until DNS has finished propagating. The thought here is some users will hit one server while others will hit the new one, allowing for secure transactions on both servers simultaneously and eliminating down time.

So I would like to know how I can verify the SelfSSL installed correctly and works, or if there is another method I should be using for this migration.

Thanks - Jody

Is that the EXACT command line you used? Because there's an error or two.

yours:
    selfssl.exe /NCN=MySSL /K:1024 /Vv:7 /S:1 /P:443
mine:
    selfssl.exe /N:CN=MySSL /K:1024 /V:7 /S:1 /P:443

--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.

Sorry! Fluent in typo ;-o. I used your syntax.

OK, so you did enter a correct command, fair enough. What about if you run it in default state? Just selfssl.exe? It should use the NetBIOS name of the machine as the CN, as well as 1024 length, site 1, port 443.

--
Jason Brown
Microsoft GTSC, IIS

SelfSSL is not going to work for your particular scenario.

It is going to generate a self-signed certificate that is not trusted by any client, meaning that your users will see warning dialogs pop up. This is by design of how SSL works -- no way around it. SelfSSL is best used for testing purposes as well as when you control both client and server to get free SSL. It is not suitable for any other sort of usage because browsers will all pop up a warning dialog.

I suggest you use the same SSL certificate on both servers simultaneously during the DNS migration. Your old and new servers both have the same name and everything (so that they can continue to use the same SSL certificate -- else browsers will pop up warning dialogs), so it is purely a matter of DNS that determines which one responds.

--
//David
IIS
http://blogs.msdn.com/David.Wang
//

Just to wade in with an opinion - it won't work for the purposes of verifying the website is owned by blahblahblah.com; however, if your intention is just to encrypt the traffic over the wire, it'll still work. The OP mentioned it's just for a transitional period. Sure, the dialog will show up, but this isn't a big deal in testing/interim/controllable environments. This doesn't equate to "not going to work". Semantics, perhaps, but there you go.

David - This is what we ended up doing and it worked fine. Thanks everyone for your input. I learned a lot.

- Jody
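An added example, not part of the thread: one way to check, before DNS changes, that the old and new servers both answer on port 443 with the same certificate and that a client would accept it without a warning. It connects to each server by IP address while sending the site's host name, so the certificate is validated against the name users will type; the addresses and host name in the comments are placeholders.

```python
import hashlib
import socket
import ssl


def probe(ip, hostname, port=443, timeout=5.0):
    """Connect to `ip`, send `hostname` via SNI, return (sha256_hex, verify_error)."""
    # Pass 1: verification off, only to read the certificate the server presents.
    raw = ssl.create_default_context()
    raw.check_hostname = False
    raw.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with raw.wrap_socket(sock, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
    # Pass 2: full chain and host-name validation, the check a browser performs.
    error = None
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=hostname):
                pass
    except ssl.SSLCertVerificationError as exc:
        error = exc.verify_message  # e.g. a self-signed certificate is reported here
    return hashlib.sha256(der).hexdigest(), error


def assess(old, new):
    """Compare two probe() results; an empty list means no findings."""
    findings = []
    for label, (_, error) in (("old", old), ("new", new)):
        if error:
            findings.append(f"{label} server: clients will see a warning ({error})")
    if old[0] != new[0]:
        findings.append("servers present different certificates")
    return findings


if __name__ == "__main__":
    # Constructed sample results; real use would be e.g.
    #   assess(probe("192.0.2.10", "www.example.com"),
    #          probe("198.51.100.20", "www.example.com"))
    # where both addresses and the host name are placeholders.
    same = ("ab" * 32, None)
    selfsigned = ("cd" * 32, "self-signed certificate")
    print(assess(same, same))
    print(assess(same, selfsigned))
```
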