Hello Alain, sorry for the delay in the reply... I'm currently outstation at the moment and had to find the time to VPN into my network inorder to check the IIS settings for you...
hmm... I checked my IIS setup and it indicates that the server certificate is valid... one thing I noticed is that you are using a 512-bit RSA key instead of a 1024-bit RSA key which I am using... if it is not too much effort, please run over the steps I outlined, this time specify a 1024 bit key.. also ensure that the common name used by the certficate (inputted during the certificate request generation) is the same as the NETBIOS/DNS Name of your IIS Server Machine... Good Luck and please let me know how it pans out... Friday, July 25, 2003, 8:47:14 PM, you wrote: AL> Very thanks for you answer. AL> In the website console administration. AL> On my Webserver, via properties -> tab Directory Security -> in secure AL> communication frame, View Certificate. AL> In the Certificate Window, the last tab called Certification Path, you have AL> a box called 'Certificate Status' that give me : AL> "This certificate has an nonvalid digital signature." AL> If I try to connect my website : https://127.0.0.1/ No connection... the AL> IIS web server just don't listen on port 443 because it think that AL> certificate is bad.. AL> The most amazing things that is IIS import with succes the certificate and AL> indicate than I have the privkey. Also, I check in the Event Viewer in all AL> subdirectories... but I found nothing concerning IIS except this : AL> ----------- AL> Event Type: Warning AL> Event Source: W3SVC AL> Event Category: None AL> Event ID: 48 AL> Description: AL> One of the certificates in the certificate chain of the server certificate AL> for instance '1' has an invalid signature. AL> ------------ AL> Also, If I installed my NetMeeting certificate, IIS web server work fine in AL> SSL mode....(so my configuration is correct.. .except for this Server AL> Certificate) AL> So, if you have an idea... ! Thanks, AL> Alain AL> nb: i attached snapshot about the certificate window. AL> ----- Original Message ----- AL> From: "Derek Chew En-Hock" <[EMAIL PROTECTED]> AL> To: "Alain Lafleche" <[EMAIL PROTECTED]> AL> Cc: <[EMAIL PROTECTED]> AL> Sent: Friday, July 25, 2003 7:42 AM AL> Subject: Re: openssl procedure - i read your "mini" tutorial & have 1 AL> question - please >> Hello Alain, >> >> where did you see the certificate status option? from my IE6 browser, >> it indicates only indicates that the certificate isn't verified by a >> trusted CA... not to mention I see the SSL symbol (locked padlock >> icon) which indicates that 128-bit encryption is enabled... >> >> any more experienced OpenSSL users would like to comment on this? >> >> Thursday, July 24, 2003, 10:34:54 PM, you wrote: >> AL> Hi, >> AL> I just read your mini-tutorial & i want to thanks you..! It was really AL> better easy to do procedure. Thanks >> AL> But, I have only 1 question : >> AL> Certificate Request is sign with success. I imported it in IIS. I can AL> check the certificate is write at my name & it's indicated than I have AL> private key for this certificate. >> >> AL> But the problem is in certificate status is indicate : >> AL> "This certificate has an nonvalid digital signature." >> >> AL> The results is than IIS doen'st work in secure mode. >> AL> Thanks very much, >> AL> Alain >> AL> nb: i make test with another certificate and my IIS configuration AL> works good in secure ssl mode. >> >> -- >> Best regards, >> Derek mailto:[EMAIL PROTECTED] >> -- Best regards, Derek mailto:[EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
