Enabling SSL on the server with test certificate

[Guest]

Hello,

I've been struggling with this for couple of days now. All I want to do is
to enable SSL protocol on the webserver.
I want to be able to generate and sign my own certificates. I used various
tools to do that, such as makecert.exe from .NET SDK and even downloaded
OpenSSL and generated certificates using that.
I installed my own certificates on IIS, but SSL simply wont work with any of
mine certificates. I get an error in server's event log: "SSL server
credential's certificate does not have a private key".
If anyone successfully accomplished what I am trying to do, Please respond.
Any links or suggestions? Please help!

Thank you

 

[Nicholas Paldino [.NET/C# MVP]]

Lenn,

If you are going to generate your own certificates, then I believe you
have to install the certificate on the client machine to get SSL to work.
Have you tried that?

Hope this helps.

 

[Leon Mayne [MVP]]

I've been struggling with this for couple of days now. All I want to
do is to enable SSL protocol on the webserver.
I want to be able to generate and sign my own certificates. I used
various tools to do that, such as makecert.exe from .NET SDK and even
downloaded OpenSSL and generated certificates using that.
I installed my own certificates on IIS, but SSL simply wont work with
any of mine certificates. I get an error in server's event log: "SSL
server credential's certificate does not have a private key".
If anyone successfully accomplished what I am trying to do, Please
respond. Any links or suggestions? Please help!

Hello,
It sounds like you're installing the cert without creating / importing the
private key in IIS. Have you followed the CSR wizard in IIS to generate a
key pair and the CSR to either send to a CA or sign yourself? Make sure you
use the 'Create a new certificate' option in the SSL IIS wizard and you can
create a test 3 month cert from IPSCA to make sure it works OK:
http://certs.ipsca.com/

 

[Guest]

Thank you all.

Yes, I installed certificate on the client and server, doesn't make a
difference.


Leon, Wizard in IIS offers 2 options; 1. Create Certificate request to be
processed by CA. 2. Assign excisting cert.
I chose option 2.
What I've done is 1. Generate new cert using makecert.exe, 2. Import cert to
the server Cert Personal Store through Certificate Mangment Console. 3.
Install new cert on IIS though their wizard.
Have you done this before, could you please list steps you followed.

 

[Leon Mayne [MVP]]

Leon, Wizard in IIS offers 2 options; 1. Create Certificate request
to be processed by CA. 2. Assign excisting cert.
I chose option 2.
What I've done is 1. Generate new cert using makecert.exe, 2. Import
cert to the server Cert Personal Store through Certificate Mangment
Console. 3. Install new cert on IIS though their wizard.
Have you done this before, could you please list steps you followed.

I usually get IIS to create a new cert and a CSR and then send the CSR to
either a certification authority or use Microsoft Certificate Services to
sign the request and then process the cert.

See http://support.microsoft.com/kb/299525/EN-US/ for details about using
certificate services to sign your own cert, or use a CA that will sign a
test cert for you for free, such as IPSCA (as mentioned before) or Thawte:
http://www.thawte.com/ucgi/gothawte.cgi?a=w14100158767049000

 

[Guest]

Thanks.

I usually get IIS to create a new cert and a CSR and then send the CSR to
either a certification authority or use Microsoft Certificate Services to
sign the request and then process the cert.

This links explains in details how to do the same with openSSL, so you can
be your own CA which exactly what I wanted to do.
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html

It worked for me, now I need to figure how to programaticlly pass client
certificate to the server.