There is a way to create certificates with openssl and convert them to IIS4.0 format. We've done that here for a number of years. I believe that you can then copy them from an IIS4 server to an IIS5 server, though I haven't done it myself. I don't know of anyone who has got the certificates straight onto IIS5.
Contact me off the list for more details. I have a task for myself to test keys of greater than 1024 bits before the end of next week. I'll be running through the whole IIS procedure to do this. - John Airey Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Is the statement 'There is no such thing as truth' true? > -----Original Message----- > From: Ian Coggins [mailto:[EMAIL PROTECTED]] > Sent: 19 June 2002 20:06 > To: [EMAIL PROTECTED] > Subject: OpenSSL, IIS 5.0 and Installing certificate trouble > > > Hi, > > I've been through faq's until they come out of my ears but > still don't quite have the answer I need. > > I am simply trying to create a certificate to use on an IIS > web server, using openssl on a linux box to create it. > > The linux installation does not have the CA.pl scripts as far > as I can tell (not my box to manage I'm afraid). > > I have managed to create (or I believe) > > 1/ root CA certificate. Generated own key and certificate. > This created a key/cert file which I managed to combine into > a single pfx format. > 2/ server certificate signed by root CA; hwoever this is in a > pem format. > > > I cannot directly import the certificate ( as key manager > backup file) under IIS 5.0; > > I have however successfully loaded the certificates into the > MMC -> certiticate manager console. The root CA under Trusted > roots; the other under Personal. However neither appear in > the 'assign existing' certificate dialog box on IIS 5.0 > > Where am I going wrong ? > > How do I > > a) I get IIS 5.0 to import the certificates directly? (can > I?) - it always reports an error about "Cannot import key > ring backup file". > > b) otherwise install the certificates I created so that I can > assign an existing cert to IIS 5.0? > > or > > c) create a CSR from IIS and sign this using openssl ? > > Thanks > Ian > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
