{"id":9,"date":"2003-05-06T14:23:40","date_gmt":"2003-05-06T19:23:40","guid":{"rendered":"http:\/\/192.168.33.66\/wp\/?p=9"},"modified":"2009-12-30T22:14:34","modified_gmt":"2009-12-31T03:14:34","slug":"blacklist","status":"publish","type":"post","link":"http:\/\/www.wildow.com\/blog\/?p=9","title":{"rendered":"How to use OpenSSL to act as a CA to sign an IIS certificate request for SSL use"},"content":{"rendered":"<pre>1. Create a certificate request via the Internet Services Manager under\r\n'Directory Security-&gt;Secure Communication-&gt;Server Certificate'. This\r\nis found under the property tab for the webserver you want to secure.\r\nFollow the wizard to create a certificate request and fill in all\r\nrequired details. At the end of the wizard, it will generate a\r\ncertreq.txt file. Move this to your favorite Linux box (e.g. Debian) or\r\nrun OpenSSL under Cygwin.\r\n<!--more-->\r\n2. We now have to generate a private key using OpenSSL\r\n\r\nopenssl genrsa -des3 -out cakey.pem 2048\r\n\r\nThe process will prompt you to supply a PEM pass phrase to help secure the\r\nkey.\r\n\r\n3. Now we have to create a CA certificate for our bogus CA\r\n\r\nopenssl req -new -x509 -key cakey.pem -out cacert.pem -days 1825\r\n\r\n4. Create the following directories in your home directory\r\n\r\ndemoCA\r\ndemoCA\/private\r\ndemoCA\/newcerts\r\n\r\nAlso create in demoCA an empty text file called 'index.txt' and a text\r\nfile called 'serial' containing the number '01'\r\n\r\n5. Move your private key cakey.pem to the demoCA\/private directory\r\nand cacert.pem to demoCA\/\r\n\r\n6. Sign our previously created IIS certificate request\r\n\r\nopenssl ca -in certreq.txt -out iis.cer\r\n\r\n7. Open iis.cer in your favorite text editor (e.g. vi) and remove all the text\r\nbefore the line '-----BEGIN CERTIFICATE-----'. IIS is not able to handle\r\nthe text above that line and may get confused!\r\n\r\n8. 
Move iis.cer back to your Windows machine and complete the\r\ncertificate request in IIS by importing the iis.cer file.\r\n\r\nAll done!\r\n\r\n-- \r\nBest regards,\r\n Derek Chew En-Hock                   <a href=\"mailto:sdchew@ieee.org?subject=SWildow%20FAQ\">sdchew@ieee.org<\/a><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>1. Create a certificate request via the Internet Services Manager under &#8216;Directory Security-&gt;Secure Communication-&gt;Server Certificate&#8217;. This is found under the property tab for the webserver you want to secure. Follow the wizard to create a certificate request and fill up &#8230; <a class=\"more-link\" href=\"http:\/\/www.wildow.com\/blog\/?p=9\">Read More &raquo;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9"}],"collection":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9"}],"version-history":[{"count":1,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions"}],"predecessor-version":[{"id":353,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions\/353"}],"wp:attachment":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9"},{"taxonomy":"post_tag","embeddable":
true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}