|
|
Subject:
Self-Signed Certificates for IIS
Category: Computers > Security Asked by: levsen-ga List Price: $15.00 |
Posted:
14 Jun 2002 14:26 PDT
Expires: 15 Jun 2002 09:35 PDT Question ID: 26084 |
Does anyone know how I can create a no-cost server certificate for IIS (version 5.1) myself, using OpenSSL or something similar? I really don't need a $1000 certificate from VeriSign or one of the other crooks. I am not running a public server, I just want to use SSL to keep my ISP from listening into my traffic and I know all my clients (in the technical as well as the business sense), so I can just pass the certificate around by floppy disk and people manually install it in their Internet Explorers. The stupid thing is I already managed to do it once by futzing around with OpenSSL, I just can't reproduce it anymore. I remember that IIS won't accept a self-signed certificate, so I'd have to create my own root certificate first and then a second certificate for the server and then sign the latter with the first. Please give me complete instructions such as "type this and that" and "then copy that file there" etc. Use a fictional servername like "demo.com". I have an understanding of the concepts of RSA, certificates and signatures but not the details such as file formats and the tools involved, and I don't care. |
|
There is no answer at this time. |
|
Subject:
Re: Self-Signed Certificates for IIS
From: poormattie-ga on 14 Jun 2002 17:25 PDT |
I ran out of time to write this up, so someone gets a freebie. Here's some good instructions for starters: http://groups.google.com/groups?hl=en&lr=&safe=off&selm=9fm2on%242fh%241%40FreeBSD.csie.NCTU.edu.tw I followed them step by step, and they are quite helpful so far. Putting them in terms levsen wants ("type this and that") is mostly what would need to be done. Best of luck! |
Subject:
Re: Self-Signed Certificates for IIS
From: adamc-ga on 15 Jun 2002 01:26 PDT |
If you're running Windows 2000 Server (which presumably you are if you're running IIS 5), then you can install MS Certificate Services, which will allow you to create your own certificates. If Certificate Services is not already installed, go to Control Panel, Add Remove Programs, Add/Remove Windows Components, and select Certificate Services (you'll need all it's subcomponents). This is how you start... I'll let a Google researcher answer the rest of the question in detail, but the only steps left are to create a certificate and then set it up in IIS. |
Subject:
Re: Self-Signed Certificates for IIS
From: paco-ga on 15 Jun 2002 09:01 PDT |
Most openssl distributions include CA.sh and CA.pl scripts. They're effectively the same thing, one in bourne shell, one in perl. If you don't have them, you can find them at: http://web.mit.edu/crypto/share/openssl/misc/ If you have those scripts, it's a 3 step process that's really easy. First: set up your dummy CA: CA.sh -newca Second: create a certificate signing request (CSR): CA.sh -newreq Last: sign the CSR with the CA: CA.sh -sign The certificate you'll have will have a private key that is password protected. You probably don't want that. The private key will be in the newreq.pem file. Run this command to get rid of the password protection: openssl rsa -in newreq.pem -out private.key Now you have an unencrypted private key in the fila named "private.key" Your CA certificate (which you'll want IIS and your web browser to trust) will be in the demoCA directory under cacert.pem. Here's another description of how to do all this: http://www.octaldream.com/~scottm/talks/ssl/opensslca.html The search terms I used to find that page were: openssl CA.sh Regards, Paco |
Subject:
Re: Self-Signed Certificates for IIS
From: levsen-ga on 15 Jun 2002 09:35 PDT |
Ok this is cool. People have been very helpful with their comment. Everything works now beautifully. (Some of the comments are not visible anymore.) Thank you very much for your help. I am closing this question now. |
If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you. |
Search Google Answers for |
Google Home - Answers FAQ - Terms of Service - Privacy Policy |