Openssl IIS and CA

Networking/Security Forums -> Cryptographic Software and Hardware

Author: Pete_L PostPosted: Mon Apr 05, 2010 2:41 pm    Post subject: Openssl IIS and CA
Right after weeks of trying to work this out myself I am hoping someone can help me out with this -

I have 4 servers (2 part of a domain / 2 work group) all seperate subnets.

Im in the process of setting up SQL Merge Replication that needs SQL Web Synchronization. One of the pre-req's is that certificates are needed.

I can generate a self signed cert in IIS and then export it / import it on the other servers and this works, however it is only a 12 month certificate and I would prefer to have it part of a CA.

So, can someone please tell me how I can create a certificate (that will be available in IIS) for each server.

Here are the commands ive been using so far, but this doesnt show the cert in IIS - is that because the key isnt there (an IIS self signed cert has the private key included)?

To Create a CA -
openssl req -new -x509 -extensions v3_ca -keyout private/CA.key -out private/CA.cer -days 3650 -config ./openssl.cfg

To Create a Certificate Request -
openssl req -new -nodes -out private/SERVER1-req.req -keyout private/SERVER1-key.key -config ./openssl.cfg

To Create a Certificate -
openssl ca -out private/SERVER1.cer -config ./openssl.cfg -infiles private/SERVER1-req.req

Any help much appreciated!

Author: Pete_L PostPosted: Tue Apr 13, 2010 5:26 pm    Post subject:
I might have managed to get this working by using the following command, can anyone see any problems with doing this?

openssl pkcs12 -export -in private/SERVER1.cer -inkey private/SERVER1-key.key -certfile private/CA.cer -name "SERVER1" -out private/SERVER1-PKCS12.p12

I think that as the private key is exported IIS is happier and allows it to be used.

Networking/Security Forums -> Cryptographic Software and Hardware

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group