Apache webserver using IIS CA

From: boy (boy_at_starhub.net)
Date: 08/05/04


Date: Thu, 5 Aug 2004 22:13:07 +0800

Hi all,

We have one computer running as the CA in our company, issuing client
certificates to internal users.
Users with the certificate can then access web pages on the same server. The
server is running Windows 2000.
We used the instructions at
http://www.microsoft.com/windows2000/techinfo/planning/security/casetupsteps.asp
to set up the server.

Now we are going to move to Unix, but we still want the Windows machine as
our CA.
I have set up unix+apache+modssl+openssl.
I also read the instructions at
http://www.verisign.com.au/support/server/certsignreq/modssl/v00.shtml and
http://www.verisign.com.au/support/server/install/modssl/v00g.shtml

According to the instructions given by VeriSign, I guess I need to do:
1. generate a private key for my Apache server: server.key
2. create a Certificate Signing Request (CSR) with the Apache server private
key: server.csr
3. let my Windows CA sign the request, generating the server.crt file
4. put the .crt file from the Windows CA on my Unix box at /path/to/server.crt
5. modify httpd.conf, adding SSLCertificateFile /path/to/server.crt and
SSLCertificateKeyFile /path/to/server.key
6. get the intermediate CA from the Windows CA, putting it at /path/to/ca.crt
7. add SSLCACertificateFile /path/to/ca.crt to httpd.conf

So I want to know:
1. Is my guess correct?
2. Can IIS sign my server.csr and return me a server.crt file? If it cannot,
how can I convert the returned file to server.crt using openssl?
3. How do I get the Windows CA's intermediate CA ca.crt?
4. When I was testing my BSD box as a CA and web server, I just pointed
SSLCACertificateFile to /path/to/ca.crt, so can I just use the Windows CA's
ca.crt instead of the intermediate CA?
5. Is this the right folder to post this question? :p
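
An added example, not part of the original post: the seven steps above run end to end with openssl, including the DER-or-Base64 conversion asked about in question 2 and two checks worth making before restarting Apache. A throwaway local CA stands in for the Windows CA, and the host name `www.example.internal` and the file names `ca.cer` and `server.cer` are constructed for the example.

```shell
#!/bin/sh
# Added example. A throwaway local CA stands in for the Windows CA (constructed);
# in the real setup the CSR goes to the Windows CA and only to_pem onward applies.
set -e
WORK=$(mktemp -d)

make_standin_ca() {    # stand-in CA; exports its certificate DER-encoded
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Standin CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl x509 -in "$WORK/ca.pem" -outform DER -out "$WORK/ca.cer"
}
make_key_and_csr() {   # steps 1-2: server.key and server.csr
    openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
    chmod 600 "$WORK/server.key"
    openssl req -new -key "$WORK/server.key" -subj "/CN=www.example.internal" \
        -out "$WORK/server.csr"
}
standin_sign() {       # step 3, by the stand-in CA; result is DER-encoded
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 30 \
        -outform DER -out "$WORK/server.cer" 2>/dev/null
}
to_pem() {             # steps 4 and 6: DER or Base64 input -> PEM for mod_ssl
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -in "$1" -out "$2"
    else
        openssl x509 -inform DER -in "$1" -out "$2"
    fi
}
key_matches_cert() {   # cert must carry the public half of server.key
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
chain_ok() {           # server.crt must verify against ca.crt
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_standin_ca; make_key_and_csr; standin_sign
to_pem "$WORK/server.cer" "$WORK/server.crt"
to_pem "$WORK/ca.cer" "$WORK/ca.crt"
key_matches_cert "$WORK/server.crt" "$WORK/server.key" && echo "key matches certificate"
chain_ok "$WORK/ca.crt" "$WORK/server.crt" && echo "chain verifies"
# Steps 5 and 7: the httpd.conf directives named in the post
cat <<EOF
SSLCertificateFile    /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCACertificateFile  /path/to/ca.crt
EOF
```

In mod_ssl, `SSLCACertificateFile` names the CA certificates used to verify client certificates, so for the client-certificate setup described in the post it has to contain the CA that issued the users' certificates.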


