Kitz Forum
Internet => Web Hosting & Web Design => Topic started by: chenks on May 17, 2018, 03:50:38 PM
-
anyone know anything about IIS6 and installed SSL certficates?
someone has bought an SSL certificate for their domain from 123-ref (who the domain was bought from).
the website is hosted by themselves on an Windows 2003 Server running IIS6 (yes i know).
the cert has come thru from 123-ref and the end result of their instructions give 2 files
yourdomain.crt
gs_intermediate_ca.crt
unfortunately the instructions 123-reg provide for IIS6 seems to be a little vague (approaching wrong).
https://www.123-reg.co.uk/support/ssl-certificates/installing-your-ssl-iis-5-iis-6/
i'm fine up until step 7, but step 8 is where it goes amiss.
it doesn't say which of the two files should be applied here, and anyway IIS seems to be wanting a .cer file rather than a .crt file.
anyone assist?
-
certificate response file probably means the main certificate not the CA.
What you may need to do is merge both certificates into one file if IIS does not support having 2 certificates added.
-
well i don't know if IIS supports it or not.
as you can see, the instructions from 123-reg don't appear to be correct.
-
yes they omit how to add the CA which is why I suggested to merge the file and just add the merged file, I have no experience with using windows to host websites.
-
Hi
You can rename your domain.crt to your domain.cer and use that
The .ca.crt needs adding into trust but not got time to show pics or do a full run out. If I have time tommorow I will and post for you
The only issue which you may be aware of, is TLS and it may not work well with TLSv1.2
Many thanks
John
-
You can rename your domain.crt to your domain.cer and use that
The .ca.crt needs adding into trust but not got time to show pics or do a full run out. If I have time tommorow I will and post for you
that would be helpful thanks
-
Hi Chenks
Please see run down for CA crt trust for IIS6
Many thanks
John
click Run
Type in MMC and press Enter
Click OK
click File - Add/Remove Snap-in
Click Add
Select Certificates
Click Add
Select Computer Account
Click Next
Select Local Computer
Click Finish
In the snap-in list window, click Close
In the Add/Remove Snap-in Window, click OK
On the left pane, expand the 'Intermediate Certification Authorities' folder
Right-Click on the 'Certificates' folder
Select All Tasks > Import
In the Certificate Import Wizard, click Next
Click Browse and navigate to the Intermediate CA Certificate File
Click Next
Select 'Place all certificates in the following store'
If necessary, browse and select 'Intermediate Certification Authorities'
Click OK
Click Next
Click Finish
Close the MMC
reboot server
-
ok, is that for the gs_intermediate_ca.crt file?
and the yourdomain.crt file, i can rename to yourdomain.cer and then import that via IIS directory security?
-
Hi Chenks
Yes, the above for gs_intermediate_ca.crt
for the cert itself, you rename yourdomain.crt to yourdomain.cer, then follow 123-reg instructions to finish the CSR.
You can do both these before rebooting server
Many thanks
John
-
ah. so a reboot is required after they have been applied.
i'll need to schedule that in then outside normal hours.
-
i've applied both files and will schedule a reboot tonight.
i've tested https://www.blah.com without the reboot and it's correctly loading and showing as secured, so all seems OK so far.
obviously we have ended up with two instances of the domain - the HTTP and the HTTPS version.
can IIS be set to push any user on to HTTPS should be put HTTP when entering the URL ?
-
i think i may have worked it out.
basically change port 80 to something else on the existing site in IIS (port 82 for example).
add a new site with the same hostname on 80, set it to HTTP redirect to https://www.blah.com (set to permanent).
it kind of works, but don't know if that is the "Best practice" to do it in IIS6.