Internet Information Server (IIS)
[Q] I am trying to install on IIS 6.0 (Win 2003 Server). I have had a look at the link for the "Paste your CSR below..." but to no avail.
[A] IIS6.0 with nice screenshots (provided by Alaric Dailey)
[A] IIS SSL walkthru
Configuring Server Certificates for SSL (IIS 6.0)
How to Create and Install an SSL Certificate in Internet Information Server 4.0
How To Configure SSL in a Windows 2000 IIS 5.0 Test Environment by Using Certificate Server 2.0
http://blog.eukhost.com/2006/10/12/wildcard-ssl-importing-in-windows-iis-server - Wildcard SSL - Importing in Windows IIS Server
http://blog.eukhost.com/2006/10/12/wildcard-ssl-exporting-in-windows-iis-server - Wildcard SSL - Exporting in Windows IIS Server
- current:
- Cryptographic service providers:
- Microsoft RSA SChannel Cryptographic Provider, Bit lengths: 384, 512, 1024, 2048, 4096, 8192, 16384
- Microsoft DH SChannel Cryptographic Provider, Bit lengths: 512, 1024
How to create a server certificate on IIS 8.5
Related information: MS IIS8 on the Windows Server 2012
If you want to "roll your own", then pick up a copy of the OpenSSL binaries.
Windows 2000 IIS require SSL notice
If one is unable to turn off SSL on an IIS website or virtual folder:
For example, if the default IIS website is set up to require https, and one unchecks Require secure channel (SSL) on a subfolder/virtual folder, restarts IIS services, and tries to connect to the folder with http://, one might get:
HTTP 403.4 - Forbidden: SSL required
This denotes that the SSL requirement is still in place.
Make sure you turned SSL off the right way!
When un-checking the Require secure channel (SSL) check box, if Require 128-bit encryption is shaded, click to select Require secure channel (SSL), click to clear Require 128-bit encryption, and then click to clear the Require secure channel (SSL) check box again.
IIS wildcard certificate notice
IIS (6.0 for sure) is not able to generate a wildcard certificate request CAcert's automated system understands. If one tries to submit such a certificate, one will get an error saying something like:
The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account. Rejected: \x00*\x00.\x00y\x00o\x00u\x00r\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00o\x00r\x00g
The solution is to use one of the alternate ways to generate the request (for instance openVPN works).
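The NUL (`\x00`) in front of every character of the rejected name is what a two-byte-per-character (UTF-16BE) string looks like when it is read one byte at a time. The following added example (not CAcert's code and not part of the original page) decodes the name and shows why a byte-wise comparison cannot link it to an account domain; the function names, the account domain set and the matching logic are assumptions made for illustration.

```python
import re

# Constructed sample: the rejected name as printed in the error message above.
REJECTED = r"\x00*\x00.\x00y\x00o\x00u\x00r\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00o\x00r\x00g"

_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def unescape(printed):
    """Turn the printed form (\\xNN escapes plus literal characters) back into bytes."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), printed).encode("latin-1")


def decode_name(raw):
    """Return (hostname, encoding); detects a name stored as two bytes per character."""
    if len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[0::2]):
        return raw.decode("utf-16-be"), "utf-16-be"
    return raw.decode("ascii", "backslashreplace"), "ascii"


def is_valid_hostname(name):
    """Accept DNS names whose leftmost label may be a lone '*' (wildcard)."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return len(labels) >= 2 and all(_LABEL.fullmatch(label) for label in labels)


def belongs_to(name, account_domains):
    """True if the name is an account domain or a (wildcard) name beneath one."""
    host = name.lower().rstrip(".")
    host = host[2:] if host.startswith("*.") else host
    return any(host == d or host.endswith("." + d) for d in account_domains)


def diagnose(printed, account_domains):
    """Compare a byte-wise reading of the name with the properly decoded one."""
    raw = unescape(printed)
    naive = raw.decode("latin-1")          # one byte = one character
    name, encoding = decode_name(raw)      # undo the two-byte encoding if present
    return {
        "encoding": encoding,
        "hostname": name,
        "naive_match": is_valid_hostname(naive) and belongs_to(naive, account_domains),
        "decoded_match": is_valid_hostname(name) and belongs_to(name, account_domains),
    }


if __name__ == "__main__":
    print(diagnose(REJECTED, {"yourdomain.org"}))
```

Running the same check on a request generated another way, before submitting it, shows whether the name comes out as plain ASCII.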
I want to use Class3 Cert under older Windows System
If you experience problems using the new Class3 Subroot and creating Class3 client certificates, your older Windows system (Windows XP, Windows 2003) probably does not have the patch Microsoft Base Smart Card Crypto Provider (KB909520) installed.
- KB909520 installs support for sha256 and other crypto providers like AES128, AES192, AES256 and more
For further information about crypto providers under Windows, read the MSDN library article CryptoAPI Cryptographic Service Providers.