SSL Certificate on TS, "Private Key"??


Below is a short thread from here a couple of months ago. I'm having the
same PROBLEM. I don't see the line "You have a private key that
corresponds to this certificate.".

I also used IIS 6.0 from a different physical server.... and while my new
Cert looks aok under "Personal" store, I just can't get it to show up in the
MS TS configure screen: http://www.reamsoftware.com/TSCertificateScreen.jpg

I'd hate to enable IIS on our production TS box unless I have to....
especially if I'm not even sure it will get me closer....

I gotta find a way to create a CSR on the TS to submit ....

I'm using a GoDaddy SSL Certificate. Could that be an issue?



---------------------------------------
<<August 2006>>

Thank you Samim.

It looks like the certificate does not have a corresponding private key.
Everything else is OK so I will try to get a certificate with a private key.



"Samim Erdogan [MSFT]" wrote:

When you request a certificate that way, the correct parameters should already be in the request for a "Server Authentication" a.k.a. SSL certificate. One caveat is that when you request an SSL certificate this way, what you get back would only work on the server where you used IIS to construct the request.

After installing the SSL certificate, you can use the Certificate Manager mmc snap-in to view the certificates and verify if installation went OK.
a. Start the MMC console: Start -> Run, enter mmc.
b. Menu -> File -> Add/Remove Snap-in
c. Add the "Certificates" snap-in
d. Select "Computer Account"
e. Select "Local Computer" if you are running the MMC snap-in at the server. Otherwise provide the name of the server.
f. OK, OK.

After this, the left-side tree view in the MMC snap-in should be showing Console Root -> Certificates (Server Name or Local Computer). Drill down the tree view to -> Personal -> Certificates. The list view on the right should show you the certificate you installed. The fourth column, "Intended Purpose", should list "Server Authentication". Double-click the item to bring up the certificate. In the Certificate Properties dialog, under the "General" tab, you should see a note that says "You have a private key that corresponds to this certificate.". Under the "Certification Path" tab, you should see a chain of certificates going up to your CA's root. None of the certificates in this chain should show a red X or any other error icon.

Alternatively -- since you already have an IIS installation on the same box -- you can try configuring SSL on IIS to see if everything checks out. If it works for IIS, it should also work for TS.


--
Samim Erdogan
Program Manager
Terminal Services Group
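
The three manual checks in the reply above (private key present, "Server Authentication" purpose, clean certification path) can also be scripted. This is an added example, not part of the original thread; the function name `Test-ServerCertificate` and the output column names are made up for illustration, and it is meant to run on the terminal server itself.

```powershell
# Added example: audits the machine "Personal" store (Cert:\LocalMachine\My),
# the same store the MMC walkthrough opens via "Computer Account".
function Test-ServerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID shown as "Server Authentication"

    # "Intended Purpose": read the Enhanced Key Usage extension, if any.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $serverAuth = $oids -contains $serverAuthOid
    } else {
        $serverAuth = $true   # no EKU extension: certificate is not purpose-restricted
    }

    # "Certification Path": build the chain against the machine trust stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # path only, no revocation lookup
    $chainOk  = $chain.Build($Cert)
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        # True when the store entry is linked to a private key, i.e. the
        # "You have a private key that corresponds to this certificate" note.
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuth    = $serverAuth
        ChainOk       = $chainOk
        ChainProblems = $problems
    } | Select-Object Subject, Thumbprint, HasPrivateKey, ServerAuth, ChainOk, ChainProblems
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-ServerCertificate $_ } |
    Format-List
```

A certificate that was requested on a different machine typically shows `HasPrivateKey : False` here, which matches the missing note on the "General" tab.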

---------------------------

"Steve Meredith" <Steve Meredith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:84F2E004-0BC2-4DCA-9037-778280106039@xxxxxxxxxxxxxxxx

Hi,

I am setting up a Windows 2003 SP1 server to authenticate using SSL. (for
external clients)

I have no problem configuring the server or clients to use a certificate,
but I can not seem to generate a working certificate for this purpose.

We do not have a CA in our domain, and if we did it would not be trusted by
the external clients anyway.

How can I generate a correct CSR to request a certificate from a third party
(in this case RapidSSL)? I have tried to generate a CSR using IIS, I was able
to get a certificate from RapidSSL but after installing it to the terminal
server it was not available for Terminal Services authentication.

According to various documentation the certificate must have the correct
"intended purposes" such as client authentication and server authentication.
I can't see any way of including these purposes in a CSR, at least from IIS.
Is there another way to generate a CSR?
Help?
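
One way to create the request on the terminal server itself without enabling IIS is the `certreq` command-line tool that ships with Windows Server. The following is an added example, not part of the original thread; the host name and file names are placeholders, and the INF values are a typical choice for an SSL server certificate, not settings taken from the posts above.

```powershell
# Added example. Run from an elevated prompt ON THE TERMINAL SERVER, so the
# key pair is generated in that machine's key store and never leaves it.
$fqdn = 'ts.example.com'                       # placeholder: name clients connect to
$inf  = Join-Path $env:TEMP 'ts-request.inf'   # placeholder file names
$csr  = Join-Path $env:TEMP 'ts-request.csr'

# Request policy file for certreq. The backticks keep PowerShell from
# expanding the literal "$Windows NT$" signature string.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path $inf -Encoding ASCII

# KeySpec = 1 with the SChannel provider creates a key-exchange key, and
# MachineKeySet = TRUE stores it for the computer account, not the user.
# The OID above asks the CA for the "Server Authentication" purpose.
certreq -new $inf $csr

# Submit the contents of $csr to the CA. When the signed certificate comes
# back, install it on this same server so it is bound to the pending key:
#   certreq -accept C:\path\to\issued-certificate.cer    (placeholder path)
```

With `Exportable = FALSE` the private key cannot later be moved to another machine; set it to `TRUE` only if the certificate has to be exported as a PFX.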
