tag:blogger.com,1999:blog-8237010798052417466.post411600304800197252..comments2023-04-30T07:18:59.131-07:00Comments on Contributions, ramblings, and rants from Rainabba: SSL Certs for IIS with PFX once and for all - SSL and IIS Explainedrainabbahttp://www.blogger.com/profile/14064142359598390121noreply@blogger.comBlogger17125tag:blogger.com,1999:blog-8237010798052417466.post-74005477334805587762020-08-01T08:42:13.053-07:002020-08-01T08:42:13.053-07:00at yet again, resolved. Thank youat yet again, resolved. Thank youAnonymoushttps://www.blogger.com/profile/08736876986143604921noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-58176762174954496452020-06-16T09:14:20.132-07:002020-06-16T09:14:20.132-07:00Question: My hosting provider (WinHost) generated ...Question: My hosting provider (WinHost) generated a CSR for me. I used that CSR at ZeroSSL to generate a certificate. That certificate is being rejected with the error message that the certificate does not match the common name of the request. I tried it three times (and now have run out of cert attempts), and all three fail.<br /><br />In generating the CSR, I used my full domain name - e.g. www.mydomain.com. I noted that ZeroSSL listed both www.mydomain.com and mydomain.com to generate the cert. Is that where the mismatch comes from? <br /><br />Since I'm out of attempts with ZeroSSL, is there somewhere else I can generate a Cert with my CSR?Anonymoushttps://www.blogger.com/profile/17671650770314299241noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-62974068503438309392020-01-06T07:43:20.775-07:002020-01-06T07:43:20.775-07:00This is the best explanation I have seen. Thank yo...This is the best explanation I have seen. Thank you very much. :)Anonymoushttps://www.blogger.com/profile/06237534754377857181noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-30748485679354047862019-10-05T06:14:07.470-07:002019-10-05T06:14:07.470-07:00I have 1 CSR of one of my appliance I need to conv...I have 1 CSR of one of my appliance I need to convert it into pkcs#7 (Webserver template) and again convert that PKCS#7 to PEM.<br />Manually I can do it. My question is how to automate this task. Is there any way, if yes please help me. Thanks!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-63344475612041879322018-06-14T11:32:58.087-07:002018-06-14T11:32:58.087-07:00Kudos!Kudos!RFhttps://www.blogger.com/profile/18109482732336104079noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-47854598435844801602017-06-29T14:20:06.676-07:002017-06-29T14:20:06.676-07:00@Vijayaraghavan When a cert is imported to Windows...@Vijayaraghavan When a cert is imported to Windows and it has a private key, there is an option to make it exportable (with key) or not. It sounds like the one in your system was done without that switch enabled. The following may prove useful though:<br /><br />https://goo.gl/photos/9rUNYe7eQ8bWt25D8<br /><br />https://support.microsoft.com/en-au/help/232154/iis-export-private-key-option-is-grayed-when-exporting-a-server-certif<br /><br />rainabbahttps://www.blogger.com/profile/14064142359598390121noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-27759198167574004042017-06-28T19:51:53.629-07:002017-06-28T19:51:53.629-07:00Forgot to mention one more aspect. If I try to Exp...Forgot to mention one more aspect. If I try to Export the certificate from MMC, it doesn't allow to export with the private key. However, if I see the property of the certificate, it says 'you have a private key corresponding to this certificate'. Wonder what prevents from exporting with private key.<br /><br />ThanksVijayaraghavan TV a.k.a Vijay TVhttps://www.blogger.com/profile/06866766733870917167noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-13005139429446936352017-06-28T18:58:16.199-07:002017-06-28T18:58:16.199-07:00I have a wild card SSL (*.mydomain.net) from GoDad...I have a wild card SSL (*.mydomain.net) from GoDaddy and I have the exact same issue; and I did the steps exactly as you have done. But I am not able to Export the CRT with the Private Key from the MMC. The Option to export with the private key is disabled. Neither I am able to associate this Certificate in IIS for https binding. It is giving an error "The logon session does not exist...blah blah". I tried to explain GoDaddy Tech support on the issue, but I their Tech Support team is pathetic to even understand the issue and they keep repeating the SOP they have like a textbook definition. I tried using OpenSSL as I do not have any other option to convert, but OpenSSL also doesn't work. Kindly suggest / help. Vijayaraghavan TV a.k.a Vijay TVhttps://www.blogger.com/profile/06866766733870917167noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-58792296751973122742017-01-12T04:48:48.195-07:002017-01-12T04:48:48.195-07:00This is what you need when you search about an arg...This is what you need when you search about an argument. Clear, concise and comprehensiveAnonymoushttps://www.blogger.com/profile/11028218994853335231noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-42857034451520993282016-08-21T05:04:24.819-07:002016-08-21T05:04:24.819-07:00Thanks for the blog. :)Thanks for the blog. :)kalpeshhttps://www.blogger.com/profile/18021163006527564816noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-63507826238564677292016-05-19T11:59:29.225-07:002016-05-19T11:59:29.225-07:00While this did help, I found that there was still ...While this did help, I found that there was still an additional step missing. I had to repair the cert I received from my CA as it was missing the private key, like so:<br /><br />certutil –repairstore my “thumbprint”<br /><br />where the thumbprint is from the certificate.IIS-Certificate-Insanityhttps://www.blogger.com/profile/11186652675979522846noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-53221336528022246742016-02-02T09:19:01.202-07:002016-02-02T09:19:01.202-07:00BlogOn,
As I understand it, SHA2 is only used to ...BlogOn,<br /><br />As I understand it, SHA2 is only used to create the hash for the request, to be even more sure the request itself isn't tampered with though I'm not 100% sure on that. I do think the following will help you get there though: https://myexchangelync.wordpress.com/2014/12/14/create-a-csr-with-sha256-signature-algorithm/ That's the best I've got.rainabbahttps://www.blogger.com/profile/14064142359598390121noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-35757020323729898072016-02-02T05:32:50.023-07:002016-02-02T05:32:50.023-07:00Hi Michael,
I am not sure if you still blog on th...Hi Michael,<br /><br />I am not sure if you still blog on this article, can you let me know How to generate a CSR using IIS that supports SHA-256 ?<br /><br />Your steps are clear if we don't need sha256. How can we do the steps if we need sha256.BlogOnhttps://www.blogger.com/profile/05444633322347000732noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-73812926281618609552015-01-29T05:24:25.518-07:002015-01-29T05:24:25.518-07:00thanks a lot for your info.thanks a lot for your info.dudehttps://www.blogger.com/profile/04292438088487719506noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-84324449777491186582014-12-17T06:55:39.694-07:002014-12-17T06:55:39.694-07:00Thank you for this article!Thank you for this article!Fredrikhttps://www.blogger.com/profile/16880789287338631485noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-83074945958140913042014-12-04T01:05:42.534-07:002014-12-04T01:05:42.534-07:00Hi Michael,
Am I correct in saying:
1) If you re...Hi Michael,<br /><br />Am I correct in saying:<br /><br />1) If you receive for example a .CER/.CRT file and the CSR was generated using IIS on the server, you can simply import the certificate using "Complete Certificate Request"<br />2) If you receive for a example a .CER/.CRT file and the CSR was NOT generated using IIS (i.e. third party generator), you have to combine the .CER, (optional - intermediate certificates) AND the private key into a PFX file so that you can import it?<br /><br />Cheers,<br /><br />MichaelAnonymoushttps://www.blogger.com/profile/05705433658819755022noreply@blogger.comtag:blogger.com,1999:blog-8237010798052417466.post-53503585705785658052014-10-23T12:00:48.453-07:002014-10-23T12:00:48.453-07:00Hi Michael,
This article is absolutely superb I am...Hi Michael,<br />This article is absolutely superb I am so glad I found it before I embarked on any of the posted alternatives. They make such hard work of it. I also now understand what's going on.<br />Many thanks for taking the time to write this up - Genius.<br />Mike Annesley<br />Mikehttps://www.blogger.com/profile/13110342948532972721noreply@blogger.com