RE: Certificate request
From: Ray Fong [MSFT] (rayfong_at_online.microsoft.com)
Date: 08/02/04
- Next message: Paul: "Re: BizTalk Install"
- Previous message: Eriq Neale [MSFT]: "RE: Intelligent Messgage Filter without Gateway server?"
- In reply to: Peter Kaufman: "RE: Certificate request"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 02 Aug 2004 19:43:55 GMT
It looks like you need a cert just for your own webserver. In this case,
you can pick Stand-alone Root CA for better security.
To make things even more simple, you can use IIS Reskit SelfSSL.exe to
create your own cert without Certificate Server.
For example, the URL you wants to be www.microsoft.com, and the Identifier
for the website is 123456, all you need to do is run:
selfssl.exe /N:CN=www.microsoft.com /K:1024 /V:180 /S:123456 /P:443
This will get a cert created. If the website is going to be access by the
rest of the world, then you really should buy a commercial cert.
IIS 6.0 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-
b628-ade629c89499&DisplayLang=en
Anyway, if you have CertServer installed, when you generate a cert in IIS,
you should have the option "Send the request immediately to an online
certification authority" which will auto generate and install the cert for
you in iis.
Ray Fong
Microsoft SBS Product Support
This posting is provided "AS IS" with no warranties, and confers no rights.
>
>Thanks Ray for your help.
>
>When adding the certificate server, it prompt me to select
>a CA Type (enterprise root CA, Enterprise subordinate CA,
>Stand-alone root CA, or stand-alone subordinate CA.)
>
>It is not clear to me which option to select. This server
>is hosted at an ISP, and runs a website that needs to run
>secure/ for which I need to generate a certificate request.
>
>Also, once the certificate server is installed, do I still
>use the MMC certificate snap-in to generate the request?
>
>Thanks again.
>
>Peter
>>-----Original Message-----
>>Do you have Certificate Server installed (Add/Remove
>Program -> Windows
>>Componenet)? If you want additonal cert (other than the
>one created by the
>>wizard which doesn't use Certificate Server), you need to
>get it installed.
>>
>>Ray Fong
>>Microsoft SBS Product Support
>>
>>This posting is provided "AS IS" with no warranties, and
>confers no rights.
>>
>>>
>>>I am trying to generate a new certificate request using
>>>MMC in SBS2003, and get the following error:
>>>
>>>The wizard cannot be started because of one of the
>>>following conditions:
>>>-There are no trusted certification authorities (CAs)
>>>availabe.
>>>- You do not have the permission to request certificates
>>>from the available CAs.
>>>- The available CAs issue certificates for which you do
>>>not have permissions.
>>>
>>>I am logged on as the administrator. What am I doing
>wrong.
>>>
>>>Any suggestions are appreciated.
>>>
>>>Peter
>>>
>>
>>.
>>
>
- Next message: Paul: "Re: BizTalk Install"
- Previous message: Eriq Neale [MSFT]: "RE: Intelligent Messgage Filter without Gateway server?"
- In reply to: Peter Kaufman: "RE: Certificate request"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
