22 August 2013

Create an SSL self-signed certificate for use with Apache and Windows IIS - Part 2


4. Apply config to the Windows 2003 IIS Server.

To use both of those files on the IIS server, you need to convert them to the .pfx format:

Server# openssl pkcs12 -export -inkey Key.pem -in Certificate.pem -out IIS.pfx -nodes

Enter Export Password:
Verifying - Enter Export Password:

Type a password to protect the file; the .pfx contains the private key as well as the certificate.


Copy IIS.pfx to the Windows server, then right-click it and import it into Trusted Root Certification Authorities \ Local Computer.


Open the IIS management console and import IIS.pfx through the Server Certificate Wizard to enable HTTPS.

  

Check that HTTPS port 443 is open.


Once it is running, connect from an IE client and confirm that HTTPS works.


On the IE client, if you want to avoid the Certificate Error/Warning message, the following 3 conditions must be satisfied:
  1. The expiry time of the certificate must be valid (the certificate has not expired).
  2. The client must trust the CA provider (the "Issued by" entry) or a higher-level CA provider.
  3. The domain name of the website must match the subject of the certificate (the "Issued to" entry).
A valid certificate may look like this:


Back to our scenario, on the IE client you need to:
  • Import the certificate by clicking the lock icon (beside the address bar) and importing the certificate into the Trusted Root Certification Authorities.
  • Modify the C:\windows\system32\drivers\etc\hosts file so that you can use the domain name instead of the IP address.
When done, it will work like a charm.


There is no more warning message, and the lock icon beside the address bar has changed to blue (which means the certificate is valid).
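
The three conditions listed above can also be checked with openssl on the server before testing in the browser. The script below is an added example, not part of the original post; the function names check_cert and make_selfsigned and the example.test host names are assumptions made for illustration, and the "trusted" file stands in for the client's Trusted Root store.

```shell
#!/bin/sh
# Added example: check a PEM certificate against the three conditions above.
# check_cert, make_selfsigned and the *.example.test names are constructed
# for this illustration; they do not come from the original post.

# usage: check_cert CERT.pem TRUSTED.pem HOSTNAME  -> exit status 0 if all pass
check_cert() {
    cert=$1; trusted=$2; host=$3; rc=0

    # 1. Validity: -checkend 0 returns non-zero once notAfter has passed.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok   expiry"
    else
        echo "FAIL expiry: certificate has expired"; rc=1
    fi

    # 2. Trust: the issuer must chain to a certificate the client trusts.
    #    $trusted stands in for the client's Trusted Root store.
    if openssl verify -CAfile "$trusted" "$cert" >/dev/null 2>&1; then
        echo "ok   trust"
    else
        echo "FAIL trust: issuer is not in the trusted set"; rc=1
    fi

    # 3. Name: the host the client connects to must match the certificate.
    #    -checkhost reports its result as a message, so inspect the output.
    if openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match'; then
        echo "ok   name"
    else
        echo "FAIL name: $host does not match the certificate"; rc=1
    fi
    return $rc
}

# Constructed test input: a throwaway self-signed certificate for CN=$2,
# written to $1.key and $1.pem.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}
```

Checking the same certificate against an IP address instead of its domain name fails condition 3, which is why the hosts file entry is needed on the client.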
