Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Enabling SSL on the server with test certificate

Reply
Thread Tools

Enabling SSL on the server with test certificate

 
 
=?Utf-8?B?TGVubg==?=
Guest
Posts: n/a
 
      08-31-2005
Hello,

I've been struggling with this for couple of days now. All I want to do is
to enable SSL protocol on the webserver.
I want to be able to generate and sign my own certificates. I used various
tools to do that, such as makecert.exe from .NET SDK and even downloaded
OpenSSL and generated certificates using that.
I installed my own certificates on IIS, but SSL simply wont work with any of
mine certificates. I get an error in server's event log: "SSL server
credential's certificate does not have a private key".
If anyone successfully accomplished what I am trying to do, Please respond.
Any links or suggestions? Please help!

Thank you

 
Reply With Quote
 
 
 
 
Nicholas Paldino [.NET/C# MVP]
Guest
Posts: n/a
 
      08-31-2005
Lenn,

If you are going to generate your own certificates, then I believe you
have to install the certificate on the client machine to get SSL to work.
Have you tried that?

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- http://www.velocityreviews.com/forums/(E-Mail Removed)

"Lenn" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
>
> I've been struggling with this for couple of days now. All I want to do is
> to enable SSL protocol on the webserver.
> I want to be able to generate and sign my own certificates. I used various
> tools to do that, such as makecert.exe from .NET SDK and even downloaded
> OpenSSL and generated certificates using that.
> I installed my own certificates on IIS, but SSL simply wont work with any
> of
> mine certificates. I get an error in server's event log: "SSL server
> credential's certificate does not have a private key".
> If anyone successfully accomplished what I am trying to do, Please
> respond.
> Any links or suggestions? Please help!
>
> Thank you
>



 
Reply With Quote
 
 
 
 
Leon Mayne [MVP]
Guest
Posts: n/a
 
      08-31-2005
Lenn wrote:
> I've been struggling with this for couple of days now. All I want to
> do is to enable SSL protocol on the webserver.
> I want to be able to generate and sign my own certificates. I used
> various tools to do that, such as makecert.exe from .NET SDK and even
> downloaded OpenSSL and generated certificates using that.
> I installed my own certificates on IIS, but SSL simply wont work with
> any of mine certificates. I get an error in server's event log: "SSL
> server credential's certificate does not have a private key".
> If anyone successfully accomplished what I am trying to do, Please
> respond. Any links or suggestions? Please help!


Hello,
It sounds like you're installing the cert without creating / importing the
private key in IIS. Have you followed the CSR wizard in IIS to generate a
key pair and the CSR to either send to a CA or sign yourself? Make sure you
use the 'Create a new certificate' option in the SSL IIS wizard and you can
create a test 3 month cert from IPSCA to make sure it works OK:
http://certs.ipsca.com/


 
Reply With Quote
 
=?Utf-8?B?TGVubg==?=
Guest
Posts: n/a
 
      08-31-2005
Thank you all.

Yes, I installed certificate on the client and server, doesn't make a
difference.


Leon, Wizard in IIS offers 2 options; 1. Create Certificate request to be
processed by CA. 2. Assign excisting cert.
I chose option 2.
What I've done is 1. Generate new cert using makecert.exe, 2. Import cert to
the server Cert Personal Store through Certificate Mangment Console. 3.
Install new cert on IIS though their wizard.
Have you done this before, could you please list steps you followed.
 
Reply With Quote
 
Leon Mayne [MVP]
Guest
Posts: n/a
 
      09-01-2005
Lenn wrote:
> Leon, Wizard in IIS offers 2 options; 1. Create Certificate request
> to be processed by CA. 2. Assign excisting cert.
> I chose option 2.
> What I've done is 1. Generate new cert using makecert.exe, 2. Import
> cert to the server Cert Personal Store through Certificate Mangment
> Console. 3. Install new cert on IIS though their wizard.
> Have you done this before, could you please list steps you followed.


I usually get IIS to create a new cert and a CSR and then send the CSR to
either a certification authority or use Microsoft Certificate Services to
sign the request and then process the cert.

See http://support.microsoft.com/kb/299525/EN-US/ for details about using
certificate services to sign your own cert, or use a CA that will sign a
test cert for you for free, such as IPSCA (as mentioned before) or Thawte:
http://www.thawte.com/ucgi/gothawte....00158767049000


 
Reply With Quote
 
=?Utf-8?B?TGVubg==?=
Guest
Posts: n/a
 
      09-01-2005
Thanks.

> I usually get IIS to create a new cert and a CSR and then send the CSR to
> either a certification authority or use Microsoft Certificate Services to
> sign the request and then process the cert.


This links explains in details how to do the same with openSSL, so you can
be your own CA which exactly what I wanted to do.
http://www.dylanbeattie.net/docs/ope...ssl_howto.html

It worked for me, now I need to figure how to programaticlly pass client
certificate to the server.

"Leon Mayne [MVP]" wrote:

> Lenn wrote:
> > Leon, Wizard in IIS offers 2 options; 1. Create Certificate request
> > to be processed by CA. 2. Assign excisting cert.
> > I chose option 2.
> > What I've done is 1. Generate new cert using makecert.exe, 2. Import
> > cert to the server Cert Personal Store through Certificate Mangment
> > Console. 3. Install new cert on IIS though their wizard.
> > Have you done this before, could you please list steps you followed.

>
> I usually get IIS to create a new cert and a CSR and then send the CSR to
> either a certification authority or use Microsoft Certificate Services to
> sign the request and then process the cert.
>
> See http://support.microsoft.com/kb/299525/EN-US/ for details about using
> certificate services to sign your own cert, or use a CA that will sign a
> test cert for you for free, such as IPSCA (as mentioned before) or Thawte:
> http://www.thawte.com/ucgi/gothawte....00158767049000
>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Obtaining SSL certificate info from SSL object - BUG? John Nagle Python 11 12-14-2006 11:31 PM
To get from the browser (web client), the server X509 certificate used in an SSL established session paxtra@gmail.com Java 0 08-02-2006 08:02 AM
Enabling SSL on the server with test certificate Lenn ASP .Net Web Services 6 09-05-2005 12:15 PM
Enabling SSL on the server with test certificate Lenn ASP .Net Security 5 09-01-2005 02:21 PM
test test test test test test test Computer Support 2 07-02-2003 06:02 PM



Advertisments