Here's my status:
I am trying to create an SSL certificate which is installed on all Developer's machine, with two internal servers (everything is non-production)
What should I do to create a certificate, which can be installed in all these places?
Now I have found something in these versions of Microsoft Visual Studio 8 \ SDK \ v2.0 \ bin using the Mercator application:
Make-up R -P -N-n-nnnnn-cn = MySite.comcom dev "-b 01/01/2000 -e 01/01/2033 -Cuuku 1.3.6.1.5.5.7.3.1 -SS Root-SR Local MacIn-C Exchange Exchange - "Microsoft RSA Scanal Cryptographic Provider" -12 Mycert.cer However, I'm not sure that this .cer file on other computers How to keep it, and when I install it on my local machine IIS, every time I get the page via https:: I get a security signal (even after installing my certificate)
My scripts to do this:
Create a Certificate Authority
< P> Self-signed certificate (-r) for signing, with an exportable private key (-p), SHA1 (-r) (A signature) by using the private key is written on a file (-sv). MAKTURE -RPP-N "CN = My Root Aththi" -As CS-RR Current User ↑ AA-1 -Sky Signature -CC Authorization -SV CAPVic Cessor (^ = Allow batch command line to be wrapped)
Create server certificate
Use one for SHA1 (-a) for key exchange Create a server certificate with the exportable private key (-p), (-any exchange). It can be used as an SSL server certificate (-AQ 1.3.6.1.5.5.7.3.1). The issuing certificate is in a file (-i), as the key (-iv) is to use a special crypto provider (-sp, -sy).
McCartt-P-N "CN = fqdn.of.server" -a sha1 -sky Exchange ^ -eku 1.3.6.1. 5.5.7.3.1 - CACER-I CAPVic ^ -sp "Microsoft RSA scanable cryptographic provider" ^ -Si 12-SU server PVK server.Source PVK2 PFX-PVK server PVK-SPC server.SourcePPX Server.pfx Then you use the PFX file in your server app (or install it in IIS). Note, by default, the password for pvk2pfx output PFX file does not apply . You have to use the -po switch for this.
To rely on all your client machines, install CA.cer in their certificates store (in the Trusted Root Authorities store). If you are on a domain, you can use the Windows Group Policy to do this globally. If not, you can use the certmgr.msc MMC snapin, or certutil command line utility:
certutil-user- Addstore root cessor To install the certificate in the program IIS 6.0, see. For IIS 7.0, I do not know.
Comments
Post a Comment