iis security:
I have a windows 2000 server running IIS 5 and I need to install a sel
signed server certificate. How do I go about creating and the
installing the certificate.

just a little bit more info, i've already read thre
http://tinyurl.com/4tc6n
and done all that it has told me to do, inculdeing download the SSLDia
tool and have made a temperary CA, it only lasts for a week and i ca
not edit the details on it, i want to be able to edit it's details an
make it last for a year.

any help offered would be greatll appercated


-
paul_ma
-----------------------------------------------------------------------
Posted via http://www.webservertalk.co
-----------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message457032.htm

Hi,

SSL Diag will not allow you to customize your certificate since it is only
meant for testing purposes.

If you need your own certificate, one option is to setup your own CA server
(CA service) on Windows 2000 or (even better on Windows 2003). If you setup
Windows 2000 CA with certificate validity of 5 years, you can then issue SSL
certificate for your web server that will last 5 years or less.

If you intend to move your web server from IIS 5 to IIS 6 (Windows 2003) you
can then use SelfSSL tool that will issue self signed certificate with
validity period of one year.

Here is more information on how to setup and run your own CA server

New features:
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
Operations guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
Managing PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
Best Practices:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Certificate templates -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
Key archival -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx
Certificate Autoenrollment in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Advanced certificate enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
web enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
EFS:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
CRLS: http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

Mike

[quoted text, click to view]

So just to make sure i have this correct, if i had IIS 6 i coul
download the selfSSL tool and sign my own certificate, but becuase
have IIS 5 i can't download the selfSSLtoo


-
paul_ma
-----------------------------------------------------------------------
Posted via http://www.webservertalk.co
-----------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message457032.htm

Hi,

As far as I have checked SelfSSL will only work on II6 and IIS 5.1 (IIS 5.1
is IIS service running on Windows XP).

You could still issue certificate with SelfSSL on IIS 5.1 if you have it
around or if you set it up and once it is issued, you can export if and
import it to IIS 5 (Windows 2000).

Mike

[quoted text, click to view]