|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Selfssl.exe for multiple vhostsI am probably just missing one of the basic facts of ssl, but it seems that
selfssl.exe only uses 1 private key, and the only time that private key can be exported is when you export the most recently generated selfssl.exe cert. Am I missing something here, or is there another easy way to get many test vhost key pairs over to the other nlb host? Thanks in advance! ;) AFAIK (As far as I know) that is a built in limitation of SelfSSL. You
probably want to use Microsoft Certificate Services, or OpenSSL or similar if you need to generate lots of certificates. Cheers Ken Show quoteHide quote "pj_servadmin" <pjservad***@discussions.microsoft.com> wrote in message news:2CEF84D9-9277-4E0F-A675-3A9883758991@microsoft.com... :I am probably just missing one of the basic facts of ssl, but it seems that : selfssl.exe only uses 1 private key, and the only time that private key can : be exported is when you export the most recently generated selfssl.exe cert. : : Am I missing something here, or is there another easy way to get many test : vhost key pairs over to the other nlb host? : : Thanks in advance! ;) Actually, it is a bug in selfssl.exe, and you hit the bug right on the head.
While we are not going to fix and/or re-release selfssl.exe in the IIS6 Resource Kit to address this issue (long story short: it is a huge administrivia pain for us to re-release the IIS6 Resource Kit, make modifications to it, or even re-release selfssl.exe), we are planning to release the fix in other ways. I'll be blogging about it when it happens; if all goes well, it should be soon. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Ken Schaefer" <kenREM***@THISadOpenStatic.com> wrote in message AFAIK (As far as I know) that is a built in limitation of SelfSSL. Younews:uGoZb0GUFHA.4056@TK2MSFTNGP15.phx.gbl... probably want to use Microsoft Certificate Services, or OpenSSL or similar if you need to generate lots of certificates. Cheers Ken Show quoteHide quote "pj_servadmin" <pjservad***@discussions.microsoft.com> wrote in message news:2CEF84D9-9277-4E0F-A675-3A9883758991@microsoft.com... :I am probably just missing one of the basic facts of ssl, but it seems that : selfssl.exe only uses 1 private key, and the only time that private key can : be exported is when you export the most recently generated selfssl.exe cert. : : Am I missing something here, or is there another easy way to get many test : vhost key pairs over to the other nlb host? : : Thanks in advance! ;) Ok, so it's a bug. Followup question: where is the private key stored, so I
can export it back to the original host? Or better yet, should I just redo all of the selfssl'd sites and generate the private key/self signed cert with openssl? Thanks in advance! Show quoteHide quote "David Wang [Msft]" wrote: > Actually, it is a bug in selfssl.exe, and you hit the bug right on the head. > > While we are not going to fix and/or re-release selfssl.exe in the IIS6 > Resource Kit to address this issue (long story short: it is a huge > administrivia pain for us to re-release the IIS6 Resource Kit, make > modifications to it, or even re-release selfssl.exe), we are planning to > release the fix in other ways. I'll be blogging about it when it happens; if > all goes well, it should be soon. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "Ken Schaefer" <kenREM***@THISadOpenStatic.com> wrote in message > news:uGoZb0GUFHA.4056@TK2MSFTNGP15.phx.gbl... > AFAIK (As far as I know) that is a built in limitation of SelfSSL. You > probably want to use Microsoft Certificate Services, or OpenSSL or similar > if you need to generate lots of certificates. > > Cheers > Ken > > -- > Blog: www.adopenstatic.com/cs/blogs/ken/ > Web: www.adopenstatic.com > > "pj_servadmin" <pjservad***@discussions.microsoft.com> wrote in message > news:2CEF84D9-9277-4E0F-A675-3A9883758991@microsoft.com... > :I am probably just missing one of the basic facts of ssl, but it seems that > : selfssl.exe only uses 1 private key, and the only time that private key > can > : be exported is when you export the most recently generated selfssl.exe > cert. > : > : Am I missing something here, or is there another easy way to get many test > : vhost key pairs over to the other nlb host? > : > : Thanks in advance! ;) > > > > 
Other interesting topics
IIS6 ASP Crystal DLL
Digest access to UNC share Client Permissions required for Integrated Authentication? IIS 5.0 - Create Server Certificate Wizard Unable to set up client certificate, error 403.7 why request for cmd.exe had passed UrlScan.dll? Why rename the IUSR account? Guest book created through Frontpage Switching from Integrated Authentication to Anonymous exporting key |
|||||||||||||||||||||||
