• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Openssl IIS and CA

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware

View previous topic :: View next topic  
Author Message
Pete_L
Just Arrived
Just Arrived


Joined: 05 Apr 2010
Posts: 0


Offline

PostPosted: Mon Apr 05, 2010 2:41 pm    Post subject: Openssl IIS and CA Reply with quote

Right after weeks of trying to work this out myself I am hoping someone can help me out with this -

I have 4 servers (2 part of a domain / 2 work group) all seperate subnets.

Im in the process of setting up SQL Merge Replication that needs SQL Web Synchronization. One of the pre-req's is that certificates are needed.

I can generate a self signed cert in IIS and then export it / import it on the other servers and this works, however it is only a 12 month certificate and I would prefer to have it part of a CA.

So, can someone please tell me how I can create a certificate (that will be available in IIS) for each server.

Here are the commands ive been using so far, but this doesnt show the cert in IIS - is that because the key isnt there (an IIS self signed cert has the private key included)?

To Create a CA -
openssl req -new -x509 -extensions v3_ca -keyout private/CA.key -out private/CA.cer -days 3650 -config ./openssl.cfg

To Create a Certificate Request -
openssl req -new -nodes -out private/SERVER1-req.req -keyout private/SERVER1-key.key -config ./openssl.cfg

To Create a Certificate -
openssl ca -out private/SERVER1.cer -config ./openssl.cfg -infiles private/SERVER1-req.req

Any help much appreciated!
Back to top
View user's profile Send private message
Pete_L
Just Arrived
Just Arrived


Joined: 05 Apr 2010
Posts: 0


Offline

PostPosted: Tue Apr 13, 2010 5:26 pm    Post subject: Reply with quote

I might have managed to get this working by using the following command, can anyone see any problems with doing this?

openssl pkcs12 -export -in private/SERVER1.cer -inkey private/SERVER1-key.key -certfile private/CA.cer -name "SERVER1" -out private/SERVER1-PKCS12.p12

I think that as the private key is exported IIS is happier and allows it to be used.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register