## 20160415 AK ---- [[MicrosoftServer/CZ|česky]] | '''english''' ---- = Internet Information Server (IIS) = [Q] I am trying to install on IIS 6.0 (Win 2003 Server). I have had a look at the link for the "Paste your CSR below...\" but to no avail. [A] [[http://www2.futureware.at/svn/sourcerer/CAcert/IIS6.0HowTo.pdf|IIS6.0 with nice screenshots]] (provided by Alaric Dailey) --([A] [[http://www.windowsitlibrary.com/Content/141/07/2.html|IIS SSL walkthru]])-- [[http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/iisdg_mea_nfmd.asp|Configuring Server Certificates for SSL (IIS 6.0)]] [[http://support.microsoft.com/default.aspx?scid=kb;EN-US;228991|How to Create and Install an SSL Certificate in Internet Information Server 4.0]] [[http://support.microsoft.com/kb/290625/EN-US/|How To Configure SSL in a Windows 2000 IIS 5.0 Test Environment by Using Certificate Server 2.0]] [[http://blog.webhosting.uk.com/2006/11/27/howto-set-up-ssl-using-iis-50-and-certificate-se/|Set Up SSL Using IIS 5.0]] --( http://blog.eukhost.com/2006/10/12/wildcard-ssl-importing-in-windows-iis-server - Wildcard SSL - Importing in Windows IIS Server )-- --( http://blog.eukhost.com/2006/10/12/wildcard-ssl-exporting-in-windows-iis-server - Wildcard SSL - Exporting in Windows IIS Server )-- [[http://vicryhc.wordpress.com/2012/03/13/create-certificate-iis-7-with-cerficate-free-from-cacert-org| Create Certificate on IIS 7.0]] . current: . Cryptographic service providers: a. Microsoft RSA SChannel Cryptographic Provider, Bit lenghts: 384, 512, 1024, 2048, 4096, 8192, 16384 a. Microsoft DH SChannel Cryptographic Provider, Bit lenghts: 512, 1024 [[HowToDocuments/CertForIIS85| How to create a server certificate on IIS 8.5]] Related information: [[Technology/KnowledgeBase/ClientCerts#Microsoft Internet Information Server 8 on Windows Server 2012|MS IIS8 on the Windows Server 2012]] If you want to "roll your own", then pick up a copy of the [[http://www.stunnel.org/download/stunnel/win32/|OpenSSL binaries]]. == Windows 2000 IIS “require SSL” notice == If one is unable to turn off SSL on an IIS website or virtual folder: For example, if the default IIS website is setup to require https, and one unchecks “Require secure channel (SSL),” on a subfolder/virtual folder, and restarted IIS services, and tried to connect to the folder with “http://” one might get a: {{{ HTTP 403.4 - Forbidden: SSL required }}} Which denotes that the SSL requirement is still in place. Make sure you turned SSL off the right way! When un-checking the Require secure channel (SSL) check box, '''''if “Require 128-bit encryption” is shaded, click to select Require secure channel (SSL), click to clear Require 128-bit encryption, and then click to clear the Require secure channel (SSL) check box again.''''' == IIS wildcard” certificate notice == IIS (6.0 for sure) is not able to generate a wildcard certificate request CAcert's automated system understands. If one tries to submit such a certificate, one will get an error saying something like: {{{ The following hostnames were rejected because the system couldn't link themto your account, if they are valid please verify the domains against youraccount. Rejected: \x00*\x00.\x00y\x00o\x00u\x00r\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00o\x00r\x00g}}} The solution exists in using one of the alternate ways to generate te request (for instance openVPN works). === I want to use Class3 Cert under older Windows System === . If you experiences problems using the new Class3 Subroot and creating class3 client certificates, probably your older Windows system (Windows XP, Windows 2003) does not have the patch '''[[http://www.microsoft.com/en-US/download/details.aspx?id=4670|Microsoft Base Smart Card Crypto Provider (KB909520)]]''' installed. . KB909520 installs support for sha256 and other crypto providers like AES128, AES192, AES256 and more . Further infos about crypto providers under Windows read [[http://msdn.microsoft.com/en-us/library/windows/desktop/bb931357%28v=vs.85%29.aspx|MSDN library article CryptoAPI Cryptographic Service Providers]] ---- . CategorySoftware . CategoryCommunity . CategoryGuide . CategorySupport . CategoryConfiguration