IIS 6: Setting up SSL - Appendix B: Obtaining a Root Certificate from Windows Server 2003 Certificate Services

In this second appendix for my blog series about using SSL with IIS 6, I'm going to discuss obtaining the root certificate from Windows Server 2003 Certificate Services. By way of explanation, obtaining a root certificate is one of the most important steps for servers or clients that will use certificates that you issue. While this step is not necessary on the server where you installed Certificate Services, it is absolutely essential on your other servers or clients, because this step will allow those computers to trust your certificate server as a Certificate Authority (CA). Without that trust in place, you will either receive error messages or SSL simply won't work.

I've broken this process into two steps:


Downloading the Root Certificate

  1. Browse to your certificate server's address (e.g. http://<server-name>/certsrv/) and choose to retrieve the CA certificate:

  2. Click the link to download the CA certificate:

  3. Choose to save the certificate file to disk:

  4. Save the file to your desktop:

Note: If you were to bring up the properties for the root certificate, the certificate's icon should show an error; this is because the certificate has not been imported.


Installing the Root Certificate

Before using any certificates that you issue on a computer, you need to install the Root Certificate. (This includes web servers and clients.)

  1. Double-click the file on your desktop:

  2. Click the "Install Certificate" button:

  3. Click "Next" to start the Certificate Import Wizard:

  4. Choose the option to automatically select the certificate store:

  5. Click the "Finish" button:

  6. Click "Yes" when asked if you want to add the certificate:

    NOTE: This step is very important. If you do not see this dialog, something went wrong, and you may need to manually place the certificate in the correct store.
  7. Click "OK" when informed that the import was successful.

Note: If you were to bring up the properties for the root certificate after you have installed it on your computer, you should see that the icon for the certificate no longer shows an error.
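If the wizard does not place the certificate in the correct store, the manual placement can be scripted. The following is an added example, not part of the original post: it checks the downloaded file against a thumbprint read directly on the CA server (the download page is served over plain HTTP), then adds the certificate to the Trusted Root store and confirms it is there. It assumes Windows PowerShell is available; the file name, the thumbprint placeholder and the store location are assumptions.

```powershell
# Added example (not from the original post). File name and store location are
# assumptions; the expected thumbprint is a placeholder to fill in by hand.
param(
    [string]$Path = "$env:USERPROFILE\Desktop\certnew.cer",
    [string]$ExpectedThumbprint = '<THUMBPRINT-READ-ON-THE-CA-SERVER>',
    [string]$Location = 'LocalMachine'   # 'CurrentUser' for a per-user trust
)
$ErrorActionPreference = 'Stop'

# Load the downloaded file; DER and Base64 encoded .cer files both parse.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

# 1. The thumbprint must match the value read directly on the CA server.
#    The certificate dialog shows it with spaces, so strip them first.
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not installing."
}

# 2. A root certificate is self-issued and must be inside its validity period.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate: issuer is '$($cert.Issuer)'."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period."
}

# 3. Add it to Trusted Root Certification Authorities ('Root').
#    LocalMachine needs an elevated session; CurrentUser shows a confirmation prompt.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', $Location
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try { $store.Add($cert) } finally { $store.Close() }

# 4. Re-open read-only and confirm the certificate is really in the store.
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    $found = @($store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
} finally { $store.Close() }
if ($found.Count -eq 0) { throw "Import failed: certificate not found in $Location\Root." }
"Trusted root installed: $($cert.Subject) [$($cert.Thumbprint)]"
```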

That's it for this post. In my next blog post, I'll discuss processing a certificate request.


Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

IIS 6: Setting up SSL - Appendix A: Installing Windows Server 2003 Certificate Services

I needed to take a short break from my blog series about using SSL with IIS 6 in order to work on some other projects, but I wanted to finish the series by giving you a few appendices that give you some additional details that you might want to know if you are using SSL with IIS 6.

In this first appendix, I'll discuss how to install Certificate Services for Windows Server 2003. Installing Certificate Services will allow you to have your own Certificate Authority (CA), and thereby you will be able to issue certificates for your organization. It should be noted that Internet clients that are not part of your organization will not inherently trust your certificates - you will need to export your Root CA certificate, which I will describe in a later appendix for this blog series.

There are four different configurations that you can choose from when you are installing Certificate Services:

  • Enterprise root CA: Integrated with Active Directory. Acts as the root CA for your organization.
  • Enterprise subordinate CA: Integrated with Active Directory. Child of your organization's root CA.
  • Stand-alone root CA: Not integrated with Active Directory. Acts as the root CA for your certificate chain.
  • Stand-alone subordinate CA: Not integrated with Active Directory. Child of your certificate chain's root CA.

Note: More information about these options is available at http://technet.microsoft.com/en-us/library/cc756989.aspx

For this blog, I will discuss setting up a Stand-alone root CA.

  1. Run the "Windows Component Wizard" in "Add/Remove Programs", choose "Certificate Services", and click "Next":

  2. Click "Yes" when prompted to continue:

  3. Accept the defaults, then click "Next":

  4. Enter all requested information, then click "Next":

  5. Accept the defaults for the data locations and click "Next":

  6. The wizard will step through installing the services:

  7. When the wizard has completed, click "Finish" to exit the wizard:

That wraps up this blog post. In my next post I'll discuss obtaining the root certificate for your certificate server so you can install it on a client computer or an IIS server; this will allow other computers to trust the certificates that you issue.


Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

Dogs Versus Cats

I freely admit that I am a "Dog Person." What's more, I am blessed to have married another dog person - we both love dogs, and this is generally a good thing. My wife grew up surrounded by dogs, as did I.

My wife and I spent the first ten years of our marriage in poverty or in the military, and unfortunately being in the military is a lot like being in poverty. Just the same, we had been married ten years before the two of us were finally able to get a dog. Our first dog was a yellow Labrador Retriever named "Barney." Unfortunately, Barney had been mistreated by a previous owner and we were not able to keep him.

Our next dog was wonderful - we got a Bouvier des Flandres, who became a part of our family for the next eleven years. We named him "Ruff Waldo Emerson," which we shortened to Emerson. I had never owned a herding dog before, and it was a lot of fun to watch the way that he took care of our family: he would patiently wait by the door for the kids to arrive home safely from school, and he would try to push me out of my desk chair when he decided that it was time for me to go to bed.

Our most recent dog was a red-haired Golden Retriever, who our son named "Rook." (Our son, Peter, was heavily into chess at the time.) Rook was a great dog, and I now see why so many people love Golden Retrievers. Sadly, Rook died of a fast-acting bone cancer when he was just eight years old.

All of this is simply an introduction in order to offer proof that I am a dog lover. But that being said, I am decidedly not a "Cat Person." I am allergic to cats, which I think is God's way of saying that man isn't meant to coexist with cats. My daughter has a cat, and her cat seems to like me more than anyone else that comes to visit - which seems to be due to the fact that I ignore it.

Here are several of my thoughts on dogs versus cats:

  • Dogs have masters, cats have servants.
  • When stranded in an avalanche, no one looks for a cat to rescue them.
  • Who cares if cats kill mice? Why not just raise mice and skip a step? My friend has cats which drag live mice into the house - ostensibly to kill them - but eventually the cats lose the mice somewhere inside the house.
  • Dogs are faithful and loyal; cats are selfish and fickle.
  • If you pet a dog, the dog thinks, "Wow - he likes me; he's so wonderful." If you pet a cat, the cat thinks, "Wow - he likes me; I'm so wonderful."
  • No one takes a cat hiking.
  • Dogs can be trained to search for explosives, provide eyesight for the blind, haul loaded sleds across hundreds of miles of hostile terrain, sense a variety of medical conditions, guide herds of animals without supervision, and a host of other important tasks. Cats can be trained to poop in a box.

The debate over which is better - dogs or cats - is ages old, and not likely to ever be resolved. But in my estimation, dogs will always be man's best friend, while cats will remain - at best - frenemies.