  1. Make sure the OpenSSL binary directory is part of your path. On Windows, this is \out32dll\

  2. Make sure the Perl interpreter's directory is part of your path. On Linux, this is probably already the case. On NT, it probably isn't.

  3. Generate a request with IIS.
    1. Go to 'Control Panel' > 'Administrative Tools' > 'Internet Service Manager'.
    2. From there, expand the tree until you see 'Default Web Site'.
    3. Right-click it and choose 'Properties'.
    4. Pick the 'Directory Security' tab.
    5. In the 'Secure Communications' section, click the 'Server Certificate' button.
    6. Follow through the wizard. Among other things, pick whether you want a 512 or 1024 bit key. The name and address identification stuff really doesn't matter much. However, you cannot have 2 certs with the same name and site name.
    7. The end result is a certreq.txt request file.
  4. Rename the certreq.txt file to 'newreq.pem'
  5. Move 'newreq.pem' to the \apps directory under openSSL.
  6. Go to the \apps directory under openSSL.
  7. Type 'perl CA.pl -sign'.
  8. It will ask for the pass phrase. This is the password you picked when you first set up the test Certification Authority. * (to do: explain how to do this) *
  9. If all is well, it will confirm the operation. If it doesn't, yet looks like it completed OK, something went wrong. This is not a very well written script in terms of error handling. You probably created a request that was too similar to another one you did in the past. Go back to the Internet Services Manager, click the 'Server Certificate' button again, cancel the request, and then make another request, this time changing some data around.
  10. When finished, a new cert will be created in the file 'newcert.pem'. This will contain 2 sections: a bunch of readable information about the cert, and then a big blob of unreadable text that looks like this:

    -----BEGIN CERTIFICATE-----
    MIIDaDCCAtGgAwIBAgIBCDANBgkqhkiG9w0BAQQFADB/MQswCQYDVQQGEwJVUzET
    ...
    NlM+G392SpHsWf4q0uA/8BkmuY5fDF34AJPdm+L4PBPnzPLUexCq0sslcNqNTx87
    +HB+tVOzWmP2ZcM8
    -----END CERTIFICATE-----
    

  11. IIS only wants this blob - not the stuff before it. So delete everything except for this portion.
  12. Go back to 'Internet Service Manager', click the 'Server Certificate' button again, and indicate you want to process a pending request.
  13. It will ask for the cert file. Locate the 'newcert.pem' file and say ok.
  14. That should do it!

-- TWikiGuest - 07 Dec 2001
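
Steps 9 to 11 can be checked and automated instead of edited by hand. The following Python is an added example, not part of the original topic or of OpenSSL: it keeps only the certificate blob from 'newcert.pem' and fails loudly when CA.pl produced no certificate. The function names and the output file name 'newcert-iis.pem' are assumptions, and the sample input is constructed.

```python
import base64
import re

# PEM armor OpenSSL writes around an X.509 certificate.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL)


def extract_certificate(text):
    """Return only the PEM certificate block of CA.pl output, or raise ValueError."""
    blocks = PEM_CERT.findall(text)
    if not blocks:
        # Step 9: CA.pl can look successful without having issued anything.
        raise ValueError("no certificate block found; signing probably failed")
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    body = "".join(blocks[0].split())  # drop line breaks inside the base64
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64: %s" % exc)
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data does not look like a DER certificate")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]  # 64-column PEM
    return "\n".join(["-----BEGIN CERTIFICATE-----"] + lines
                     + ["-----END CERTIFICATE-----"]) + "\n"


def strip_to_certificate(src="newcert.pem", dst="newcert-iis.pem"):
    """Write the blob-only file that IIS accepts (dst name is an assumption)."""
    with open(src) as fh:
        pem = extract_certificate(fh.read())
    with open(dst, "w") as fh:
        fh.write(pem)
    return dst


def constructed_sample():
    """Constructed stand-in for newcert.pem: readable dump, then a fake blob."""
    fake_der = b"\x30\x82\x00\x60" + bytes(range(96))  # not a real certificate
    return ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
            "-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(fake_der).decode()
            + "-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    print(extract_certificate(constructed_sample()))
```

Run 'strip_to_certificate()' in the \apps directory after step 10 and give the resulting file to the IIS wizard in step 13.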

Topic revision: r1 - 08 Dec 2001 - TWikiGuest