Enabling SSL on the server with test certificate

Discussion in 'ASP .Net Security' started by Lenn, Aug 31, 2005.

  1. Lenn

    Lenn Guest

    Hello,

    I've been struggling with this for couple of days now. All I want to do is
    to enable SSL protocol on the webserver.
    I want to be able to generate and sign my own certificates. I used various
    tools to do that, such as makecert.exe from .NET SDK and even downloaded
    OpenSSL and generated certificates using that.
    I installed my own certificates on IIS, but SSL simply wont work with any of
    mine certificates. I get an error in server's event log: "SSL server
    credential's certificate does not have a private key".
    If anyone successfully accomplished what I am trying to do, Please respond.
    Any links or suggestions? Please help!

    Thank you
    Lenn, Aug 31, 2005
    #1
    1. Advertising

  2. Lenn,

    If you are going to generate your own certificates, then I believe you
    have to install the certificate on the client machine to get SSL to work.
    Have you tried that?

    Hope this helps.


    --
    - Nicholas Paldino [.NET/C# MVP]
    -

    "Lenn" <> wrote in message
    news:...
    > Hello,
    >
    > I've been struggling with this for couple of days now. All I want to do is
    > to enable SSL protocol on the webserver.
    > I want to be able to generate and sign my own certificates. I used various
    > tools to do that, such as makecert.exe from .NET SDK and even downloaded
    > OpenSSL and generated certificates using that.
    > I installed my own certificates on IIS, but SSL simply wont work with any
    > of
    > mine certificates. I get an error in server's event log: "SSL server
    > credential's certificate does not have a private key".
    > If anyone successfully accomplished what I am trying to do, Please
    > respond.
    > Any links or suggestions? Please help!
    >
    > Thank you
    >
    Nicholas Paldino [.NET/C# MVP], Aug 31, 2005
    #2
    1. Advertising

  3. Lenn wrote:
    > I've been struggling with this for couple of days now. All I want to
    > do is to enable SSL protocol on the webserver.
    > I want to be able to generate and sign my own certificates. I used
    > various tools to do that, such as makecert.exe from .NET SDK and even
    > downloaded OpenSSL and generated certificates using that.
    > I installed my own certificates on IIS, but SSL simply wont work with
    > any of mine certificates. I get an error in server's event log: "SSL
    > server credential's certificate does not have a private key".
    > If anyone successfully accomplished what I am trying to do, Please
    > respond. Any links or suggestions? Please help!


    Hello,
    It sounds like you're installing the cert without creating / importing the
    private key in IIS. Have you followed the CSR wizard in IIS to generate a
    key pair and the CSR to either send to a CA or sign yourself? Make sure you
    use the 'Create a new certificate' option in the SSL IIS wizard and you can
    create a test 3 month cert from IPSCA to make sure it works OK:
    http://certs.ipsca.com/
    Leon Mayne [MVP], Aug 31, 2005
    #3
  4. Lenn

    Lenn Guest

    Thank you all.

    Yes, I installed certificate on the client and server, doesn't make a
    difference.


    Leon, Wizard in IIS offers 2 options; 1. Create Certificate request to be
    processed by CA. 2. Assign excisting cert.
    I chose option 2.
    What I've done is 1. Generate new cert using makecert.exe, 2. Import cert to
    the server Cert Personal Store through Certificate Mangment Console. 3.
    Install new cert on IIS though their wizard.
    Have you done this before, could you please list steps you followed.
    Lenn, Aug 31, 2005
    #4
  5. Lenn wrote:
    > Leon, Wizard in IIS offers 2 options; 1. Create Certificate request
    > to be processed by CA. 2. Assign excisting cert.
    > I chose option 2.
    > What I've done is 1. Generate new cert using makecert.exe, 2. Import
    > cert to the server Cert Personal Store through Certificate Mangment
    > Console. 3. Install new cert on IIS though their wizard.
    > Have you done this before, could you please list steps you followed.


    I usually get IIS to create a new cert and a CSR and then send the CSR to
    either a certification authority or use Microsoft Certificate Services to
    sign the request and then process the cert.

    See http://support.microsoft.com/kb/299525/EN-US/ for details about using
    certificate services to sign your own cert, or use a CA that will sign a
    test cert for you for free, such as IPSCA (as mentioned before) or Thawte:
    http://www.thawte.com/ucgi/gothawte.cgi?a=w14100158767049000
    Leon Mayne [MVP], Sep 1, 2005
    #5
  6. Lenn

    Lenn Guest

    Thanks.

    > I usually get IIS to create a new cert and a CSR and then send the CSR to
    > either a certification authority or use Microsoft Certificate Services to
    > sign the request and then process the cert.


    This links explains in details how to do the same with openSSL, so you can
    be your own CA which exactly what I wanted to do.
    http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html

    It worked for me, now I need to figure how to programaticlly pass client
    certificate to the server.

    "Leon Mayne [MVP]" wrote:

    > Lenn wrote:
    > > Leon, Wizard in IIS offers 2 options; 1. Create Certificate request
    > > to be processed by CA. 2. Assign excisting cert.
    > > I chose option 2.
    > > What I've done is 1. Generate new cert using makecert.exe, 2. Import
    > > cert to the server Cert Personal Store through Certificate Mangment
    > > Console. 3. Install new cert on IIS though their wizard.
    > > Have you done this before, could you please list steps you followed.

    >
    > I usually get IIS to create a new cert and a CSR and then send the CSR to
    > either a certification authority or use Microsoft Certificate Services to
    > sign the request and then process the cert.
    >
    > See http://support.microsoft.com/kb/299525/EN-US/ for details about using
    > certificate services to sign your own cert, or use a CA that will sign a
    > test cert for you for free, such as IPSCA (as mentioned before) or Thawte:
    > http://www.thawte.com/ucgi/gothawte.cgi?a=w14100158767049000
    >
    >
    >
    Lenn, Sep 1, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?TGVubg==?=

    Enabling SSL on the server with test certificate

    =?Utf-8?B?TGVubg==?=, Aug 31, 2005, in forum: ASP .Net
    Replies:
    5
    Views:
    3,860
    =?Utf-8?B?TGVubg==?=
    Sep 1, 2005
  2. Replies:
    0
    Views:
    525
  3. John Nagle
    Replies:
    11
    Views:
    625
    =?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=
    Dec 14, 2006
  4. Matthew
    Replies:
    0
    Views:
    371
    Matthew
    Nov 2, 2004
  5. Lenn

    Enabling SSL on the server with test certificate

    Lenn, Aug 31, 2005, in forum: ASP .Net Web Services
    Replies:
    6
    Views:
    107
    Massimo Gentilini
    Sep 5, 2005
Loading...

Share This Page