IIS, SSL and my local machine.

[Mike Malter]

I really hope this is the place to go for an answer to this question.

I am coding a web project on my laptop. I need to write some code that will involve https for the payment part of the app.
However, I can't find a way to create a new website in XP Professional, only subwebs. Also, I can't seem to get https to work with
the IIS on my laptop too.

I tried giving my machine a static IP, but that did not work.

How do you do this?

Thanks.

 

[Guest]

Since Windows XP isn't a server opperating system, you can only have one 1 website. If you want more you need to change to a server opperating system (Windows Server 2003, Windows 2000)

For SSL (https); Once you install a certificate on a Web Site, you can change the SSL port for the site. You have two options for creating and installing certificates. You can use your own Cetificate Services to generate your certificates or you can use a trusted third-party authority. When you use Certificate Services, you manage the certificate creation, expiration, and revocation process. When you create certificates through trusted third-party authorities, you let the trusted authority mangae the certificate creation, expiration, and revocation process. Either way, the basic tasks you need to preform, create, and install a certificate are as follows

1. Create a certificate request. Each web site hosted on your Web server needs a seperate certificate if you want SSL to work properly. The first step in the certificate creation process is to generate a certificate request. You can generate a certificate request by completing the following steps
1. In the IIS snap-in, right click your site and select properties
2. Fromt he Directory Security tab, select Server Certificate. This starts the Web Server Certificate Wizard. Click Next
3. Click "Create a new Certificate", Next..
4. Click next again..
5. Next Fill in the certificate name and select a bit length. THe name should be descriptive. The bit legnth sets the encryption strneght of your public and private keys. In most cases you should select the highest you can. HIT NEXT
6. Enter your organization information in the fields provided. blah bal
7. Type your computers name, should be there already
8. Enter the geographic information for you company. hit next! (Dont use abbreviations.
9. Selcect a spot to store your certificate request file
10. click next and finish then your done with the request generation process

Now you have to submit it to a third party Authority such as En-Trust, Equifax, Valicert or Verisign. THe certificat=signing requerst is stored as ASCII text int he fiel you specified. Most Certificate Authorities (CAs) have you submit the crticiate request as a part of a formal site registration process. In theis registration process, you'll be asked to submit the rquest file ina n email or though an online form. WHen using email you simply attqach the requts fiel to the email and send it. WHe using an online form you must copy the entire text of the file and past it to the form

After the CA review yoru certificate request the ca will either approce or decline your request. If the CA approvces the rquest you will recive an email with the signed certificate attached or a notice to visit a location where you can retrieve the signed certificate. Ther verificat is an ASCII text file that you can view in Notepad, and it can onlyb e decryped with the privat key you generated perviosly. Once you get all that done, ask me how to install it

 

[Guest]

http://www.thawte.com/ucgi/gothawte.cgi?a=w39780134407027000

 

[Mike Malter]

Alex,

Thanks for taking the time to write such an informative response.

I have already installed a certificate that was issued from our domain CA. I already have it working on our qa server as well as
our production server (just a test until we get our "real" certificate). It works over the internet as well as locally.

My problem is that once I have the cert installed on my computer, I cannot access the site on the local web server using https. I
have even given my laptop a fixed ip and registered it in DNS. Even when I use the fixed name of the computer instead of local host
it will not work.

I created three different certificates, using localhost, the NetBIOS name and the FQDN of the machine. I could not get any of them
to work.

Is there something else I have to do to get this to work?

Thanks.

Since Windows XP isn't a server opperating system, you can only have one 1 website. If you want more you need to change to a

server opperating system (Windows Server 2003, Windows 2000).

For SSL (https); Once you install a certificate on a Web Site, you can change the SSL port for the site. You have two options for

creating and installing certificates. You can use your own Cetificate Services to generate your certificates or you can use a
trusted third-party authority. When you use Certificate Services, you manage the certificate creation, expiration, and revocation
process. When you create certificates through trusted third-party authorities, you let the trusted authority mangae the certificate
creation, expiration, and revocation process. Either way, the basic tasks you need to preform, create, and install a certificate are
as follows:

1. Create a certificate request. Each web site hosted on your Web server needs a seperate certificate if you want SSL to work

properly. The first step in the certificate creation process is to generate a certificate request. You can generate a certificate
request by completing the following steps.

1. In the IIS snap-in, right click your site and select properties.
2. Fromt he Directory Security tab, select Server Certificate. This starts the Web Server Certificate Wizard. Click Next.
3. Click "Create a new Certificate", Next...
4. Click next again...
5. Next Fill in the certificate name and select a bit length. THe name should be descriptive. The bit legnth sets the

encryption strneght of your public and private keys. In most cases you should select the highest you can. HIT NEXT.

6. Enter your organization information in the fields provided. blah balh
7. Type your computers name, should be there already.
8. Enter the geographic information for you company. hit next! (Dont use abbreviations.)
9. Selcect a spot to store your certificate request file.
10. click next and finish then your done with the request generation process.

Now you have to submit it to a third party Authority such as En-Trust, Equifax, Valicert or Verisign. THe certificat=signing

requerst is stored as ASCII text int he fiel you specified. Most Certificate Authorities (CAs) have you submit the crticiate request
as a part of a formal site registration process. In theis registration process, you'll be asked to submit the rquest file ina n
email or though an online form. WHen using email you simply attqach the requts fiel to the email and send it. WHe using an online
form you must copy the entire text of the file and past it to the form.

After the CA review yoru certificate request the ca will either approce or decline your request. If the CA approvces the rquest

you will recive an email with the signed certificate attached or a notice to visit a location where you can retrieve the signed
certificate. Ther verificat is an ASCII text file that you can view in Notepad, and it can onlyb e decryped with the privat key you
generated perviosly. Once you get all that done, ask me how to install it.

 

[Guest]

um, can you show me what exactly your typing into the address bar

 

[Mike Malter]

Alex,

Thanks for taking the time to help. Here is some relevant information.

My machine NetBIOS name is: mikemalter
My FQDN is: mikemalter.joyousliving.com
I have a static IP and it is in our DNS.
I can successfully ping my machine using NetBIOS name as well as the FQDN
I have tried this with three different certs.

Look at the list below for the cert common name and URL pairs.

cert common name->URL I type in
1.) localhost->http://localhost/ClassReunion/index.aspx (works)
2.) localhost->https://localhost/ClassReunion/index.aspx (fails)
3.) mikelaptop->http://mikelaptop/ClassReunion/index.aspx (works)
4.) mikelaptop->https://mikelaptop/ClassReunion/index.aspx (fails)
5.) mikelaptop.joyousliving.com->http://mikelaptop/ClassReunion/index.aspx (works)
6.) mikelaptop.joyousliving.com->https://mikelaptop/ClassReunion/index.aspx (fails)

For grins I put a single page in wwwroot, default.htm which says hello world.
1.) localhost->http://localhost (works)
2.) localhost->https://localhost (fails)
3.) mikelaptop->http://mikelaptop works)
4.) mikelaptop->https://mikelaptop (fails)
5.) mikelaptop.joyousliving.com->http://mikelaptop (works)
6.) mikelaptop.joyousliving.com->https://mikelaptop (fails)

The cert is in IIS as I have double checked the port number 443 and have viewed the cert. I have also experimented with setting the
IP address in the web site tab from all unassigned to the hard IP of the box.

No matter what I do I get the IIS Cannot find server error page.

Any help would be greatly appreciated as all the developers are working off of their laptops.

Thanks.

Mike

 

[Guest]

When you got to this form via the IIS process..

http://eggfamily.no-ip.org/images/ssl.jp

did you enter "http://..." or "https://"?

 

[Guest]

Are you there? Did you fix it. I'm pretty sure your problem is when you were making the file in IIS

check out the picture of the form on my last post. What you put in that text box should be exactly how you type your address in IE's addresss bar

look I set up SSL really fast on my server. I even signed my OWN certificate for FREE

https://eggfamily.no-ip.or

if anyone want's a certificate, just ask. I'd be gald to issue one for you

 

[Guest]

I just posted something, and I think I chose "Close" on accident

Anyways, I'm pretty sure your prblem was the previous stated. When you were at this screen

https://eggfamily.no-ip.org/images/ssl.jp

You didn't enter your address correctly. in that box you should enter EXACTLY what you put in Internet Explorer's address bar to get to your site. (like... https://mikemalter.joyousliving.com, or whatever.

Actually, I set up SSL on my IIS really fast.

https://eggfamily.no-ip.org

I even signed the certificate MYSELF. for FREE

Anyways, if that's not it. Let me know. If anyone wants a certifiacte, just ask. I'll sign one for free.

 

[Mike Malter]

Alex,

I clicked on the link and got the following page:

The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------

Please try the following:

a.. Click the Refresh button, or try again later.

b.. Open the eggfamily.no-ip.org home page, and then look for links to the information you want.
c.. If you believe you should be able to view this directory or page, please contact the Web site administrator by using the
e-mail address or phone number listed on the eggfamily.no-ip.org home page.
10061 - Connection refused
Internet Security and Acceleration Server

--------------------------------------------------------------------------

Technical Information (for support personnel)

a.. Background:
The server you are attempting to access has refused the connection with the gateway. This usually results from trying to
connect to a service that is inactive on the server.

b.. ISA Server: MMANT2.joyousliving.com
Via:

Time: 3/1/2004 7:45:35 PM GMT

 

[Mike Malter]

Alex,

All I got was a blank page.

I think there may be a misunderstand here. I can make SSL work on any of our servers, just not on my development machine which is
running XP Professional.

You got that part right?

 

[Mike Malter]

Alex,

I really appreciate your help and I know it should work. I have typed in my address correctly.

When I type in http://mikelaptop.joyousliving.com I get the page, when I type in https://mikelaptop.joyousliving.com I get the
following error:

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may
need to adjust your browser settings.

--------------------------------------------------------------------------

Please try the following:

a.. Click the Refresh button, or try again later.

b.. If you typed the page address in the Address bar, make sure that it is spelled correctly.

c.. To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click
Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider
(ISP).
d.. If your Network Administrator has enabled it, Microsoft Windows can examine your network and automatically discover
network connection settings.
If you would like Windows to try and discover them,
click Detect Network Settings
e.. Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine
what strength security you have installed.
f.. If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and
then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0,
PCT 1.0.
g.. Click the Back button to try another link.



Cannot find server or DNS Error
Internet Explorer


My problem is that I am trying to troubleshoot this problem and I am looking for ideas and assistance.

Mike

I just posted something, and I think I chose "Close" on accident.

Anyways, I'm pretty sure your prblem was the previous stated. When you were at this screen.

https://eggfamily.no-ip.org/images/ssl.jpg

You didn't enter your address correctly. in that box you should enter EXACTLY what you put in Internet Explorer's address bar to

get to your site. (like... https://mikemalter.joyousliving.com, or whatever.)

 

[Guest]

Dear Mike,

From my understanding to this issue, you are going to provide the SSL
service in your windows XP professional OS.

Since Windows XP is the personal-desktop OS, it is not suggested or
recommended by Microsoft to provide SSL service in Windows XP professional
version and the IIS in windows XP is version 5.1 which can only create one
web site to provide the internet service.

In your scenario, if you only want to use the Windows XP, I'd suggest one
3rd party link will introduce all the necessary information for you
regarding the SSL configuration in Windows XP.
http://www.somacon.com/iis_ssl/

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

This reply contains a reference to a third-party World Wide Web site.
Microsoft is providing this information as a convenience to you. Microsoft
does not control these sites and has not tested any software or information
found on these sites; therefore, Microsoft cannot make any representations
regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft autions you to make
sure that you completely understand the risk before retrieving any software
from the Internet.

 

[Guest]

Hi Mike,

Does my reply make sense to you?

If you still have any concern, please feel free to feedback, I will help
you. Thanks

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Guest]

Don't you also need to register the certificate on the client as well?

 

[Meir Rotfleisch]

Alex Hi

Can you possibly send me info on how you set up a Certificate that you
sign on your own?

Regards

Meir



*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

 

[Tamir Khason]

http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html

Hope it helps