<< Back to Part 1
4. Apply config to the Windows 2003 IIS Server.
To use both those files on IIS Server, you need to convert them to the .pfx format
Server# openssl pkcs12 -export -inkey Key.pem -in Certificate.pem -out IIS.pfx -nodes
Enter Export Password:
Typing some password to protect the file.
Copy the IIS.pfx to Windows server and right-click to import it to the Trusted Root Certification Authorities \ Local Computer.
Open the IIS management console, and import the IIS.pfx to the Server Certificate Wizard to enable https feature.
When it is running, make connecting from IE client and see https works.
On IE client, if you want to bypass the Certificate Error/Warning Message, you have to satisfy the 3 conditions :
Back to our scenario, on IE client you need to :
No more Warning message and the lock icon besides the address bar has changed to blue color (that means valid Certificate)
Enter Export Password:
Verifying - Enter Export Password:
Typing some password to protect the file.Copy the IIS.pfx to Windows server and right-click to import it to the Trusted Root Certification Authorities \ Local Computer.
- The expired time of the Certificate must be valid.
- The client must trust the CA provider (the Issued by entry) or higher level CA providers.
- The domain name of the website must match the subject of the Certificate (the Issued to entry).
- Import the Certificate by clicking the lock icon (beside the address bar) and import the Certificate to the Trusted Root Certification Authorities.
- Modify the C:\windows\system32\drivers\etc\hosts file to use domain name instead of IP address.
No more Warning message and the lock icon besides the address bar has changed to blue color (that means valid Certificate)
No comments:
Post a comment