Help on Microsoft IIS and SSL
written by Miguel Angel Fraga
How to generate a CSR (RSA 1024 bits) using NON domestic IIS 4
If you are using SP3 (Service Pack 3), you need a special schannel.dll. If you need it, download the post-SP3 schannel.dll here.
How to install your CA root certificate into IIS
You have incorporated your CA root certificate into MSIE, but your IIS can't see the certificate... that's because IIS (w/ SP3) doesn't
MS KeyManager says the signed certificate is invalid or CAPI error 80093004.
Remove the complete "text" above the PEM-encoded certificate, I mean remove the text from the top to
How to install a SGC certificate (Server Gated Cryptography)
In order to install your SGC certificate, you need to install the whole certificate chain in your IIS.
Sometimes you see that your IIS does 40-bit SSL okay but not 128-bit SSL. The usual reason is that the intermediate Verisign SGC certificate is not being sent to the client (the leaf certificate is being sent, though). When this happens, the client will refuse to initiate the SGC renegotiation. The fix is to rerun the sgcinst.exe program on your server, or to manually place the intermediate SGC certificate in the Local Machine "Intermediate Certificates" store using Certificate Manager (shipped with SP4 or higher).
USAGE: sgcinst.exe inputfile outputfile
To confirm that there is no problem, you can look in:
I generated a key and certificate request with OpenSSL / SSLeay and got a certificate from Verisign. After trying everything to get IIS to take it, I found out that for some reason keys need to be generated in IIS for it to use them. Anyone know otherwise?
You have to convert the server's private key to NET format
before you install the Verisign certificate.
How to get client certificate with IIS 4.0 using
ASP (How to write a Client Authentication Certificate to a file)
The following ASP code is needed for this to work:
<% @Language = VBScript %>
<% Response.Buffer = True %>
<%
' Session.LCID = 1033 'Regional setting [Chinese]

'Instantiate the ASP FileSystemObject in order
'to create a text file
Set fs = Server.CreateObject("Scripting.FileSystemObject")

'Create text file using append mode
Set outStream = fs.OpenTextFile( "C:\cert.txt", 8, True )

'Save certificate issuer information to text file
outStream.WriteLine( "# Issuer: " & Request.ClientCertificate("Issuer") )

'Extract certificate subject (user) and account information from certificate
su = Request.ClientCertificate( "Subject" )
mx = len(su)
'Replace line breaks in the subject with ";" so it stays on one line
for x = 1 to mx
  if mid(su,x,1)=chr(10) or mid(su,x,1)=chr(13) then
    su=left(su,x-1)+";"+right(su,mx-x)
  end if
next
outStream.WriteLine( "# Subject: " & su )
outStream.WriteLine( "# Account: " & _
  Request.ServerVariables ("REMOTE_USER") )

'Extract encoded certificate data from certificate; encode it
'as Base64 text
uue = vbNullString & _
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" & _
  "0123456789+/"
outStream.WriteLine( "-----BEGIN CERTIFICATE-----" )
cer = Request.ClientCertificate( "Certificate" )
lcer = len(cer)
l = 0
'Encode three input bytes as four Base64 characters per iteration
for x = 1 to lcer step 3
  a1 = asc(mid(cer,x,1))
  if x+1 <= lcer then
    a2 = asc(mid(cer,x+1,1))
    if x+2 <= lcer then
      a3 = asc(mid(cer,x+2,1))
    else
      a3 = 0
    end if
  else
    a2 = 0
    a3 = 0
  end if
  outStream.Write mid(uue, (a1 and 252)/4 +1 ,1)
  outStream.Write mid(uue, (a1 and 3)*16 + (a2 and 240)/16 +1 ,1)
  if x+1 <= lcer then
    outStream.Write mid(uue, (a2 and 15)*4 + (a3 and 192)/64 +1 ,1)
    if x+2 <= lcer then
      outStream.Write mid(uue, (a3 and 63) +1 ,1)
    else
      'Two input bytes left: pad with one "="
      outStream.Write "="
    end if
  else
    'One input byte left: pad with "=="
    outStream.Write "=="
  end if
  'Break the output into 64-character lines
  l = l +4
  if l = 64 then
    outStream.WriteLine("")
    l = 0
  end if
next
if l > 0 then
  outStream.WriteLine( "" )
end if
outStream.WriteLine( "-----END CERTIFICATE-----" )

'Close the file so the appended data is flushed and the handle released
outStream.Close
%>
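An added example (not part of the original page, and not the author's or Microsoft's code): a Python check for a file such as the C:\cert.txt written by the ASP page above, which carries "# Issuer" text lines ahead of the PEM block. It drops everything outside the certificate block, as the KeyManager entry above advises, and confirms that the Base64 body decodes to a complete DER structure. The function names and the sample data are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def der_total_length(der: bytes) -> int:
    """Return header + content length declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                       # short form: length in one byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def clean_pem(text: str) -> str:
    """Drop text outside the first certificate block and re-wrap the body."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(m.group(1).split())     # remove CR/LF and stray spaces
    der = base64.b64decode(body, validate=True)
    if der_total_length(der) != len(der):  # catches truncated or padded data
        raise ValueError("DER length does not match decoded size")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"

# Constructed sample: a 300-byte DER SEQUENCE, not a real certificate
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x28]) + bytes(range(256)) + bytes(40)
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_FILE = (
    "# Issuer: C=XX, O=Example CA (constructed)\r\n"
    "# Subject: C=XX;O=Example;CN=test user\r\n"
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    print(clean_pem(SAMPLE_FILE), end="")
```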