Categories: MSDN / DotNet / Java / Scripts / Linux / PHP Ask - La ask - La Answer
Programmers Tech >> Developer Tech >> Security

IIS + SSL problem

Hi,

I generate self-signed certificate using the following script from http://winadmin.forret.com/2006/03/make-a-self-signed-certificate-for-iis/

I run "sslcert demo"

@echo off

:: inspiration from http://www.inventec.ch/chdh/notes/14.htm
if "%1" == "" goto :usage
call :set_name
if "%1" == "demo" call :default_name

set LOC=-sr LocalMachine -ss my
set TECH=-r -pe -a sha1 -eku 1.3.6.1.5.5.7.3.1 -sky exchange
set DATE=-b 01/01/2006 -e 01/01/2036

echo Creating certificate for %NAME% ...
makecert %NAME% %LOC% %TECH% %DATE%

:set_name
set NAME=-n "%*"
goto :end

:default_name
set NAME=-n "CN=www.example.com"
goto :end

:usage
echo %0 - v1.0
echo Usage:
echo %0
echo to get usage
echo %0 demo
echo to create demo cert for www.example.com
echo %0 "CN=www.myserver.com, O=MyCorp Inc"
echo to create cert for www.myserver.com

:end

After its generation:
- I open run->mmc and copy it from Certificates (Local Computer)/Personal/Certificates do Trusted Root Cert. Authorities.. and to
Certificates(Current User) respectively to make sure that it is everywhere it could be
- I import this cert to IIS (assign existing cert)

I have IIS project with simple html page that opens if I put http://localhost:9000/ssl/index.html (IIS TCP = 9000)
The SSL port is standard 443 and https://localhost:443/ssl/index.html or https://localhost/ssl/index.html in FF: page doesn't open... Broken connection, no error code, IE: The page cannot be displayed..
What I am doing wrong?

I also use this solution with openSSL, http://www.byteclub.net/wiki/IIS_SSL , the same thing happens...

IIS SSL
From ByteWiki
Create a certificate request (certreq.txt) from IIS (WebSite Properties -> Directory Security -> Server Certificate...)
These r the instructions from that page
# Create a private key to use for the CA
openssl genrsa -des3 -out ca.key 1024
# Create a certificate using the private key to act as a certificate authority
openssl req -new -key CA.key -x509 -days 1095 -out CA.cer
# Created a signed certificate using the new CA
openssl x509 -req -days 365 -in certreq.txt -CA ca.cer -CAkey ca.key -CAcreateserial -out new.cerInstall new.cer into IIS (Same place you generated the request from).
[2470 byte] By [haiaw] at [2007-11-11 10:21:00]
«« Working with dates
»» IIS + SSL problem
Developer Tech
Security

Developer Tech

All Classified

Developer Tech New Topic

Developer Tech Hot Topic