Kitz ADSL Broadband Information
Author Topic: SSL certificate from 123-reg on IIS6  (Read 5235 times)

chenks

  • Kitizen
  • ****
  • Posts: 1106
SSL certificate from 123-reg on IIS6
« on: May 17, 2018, 03:50:38 PM »

anyone know anything about IIS6 and installed SSL certificates?

someone has bought an SSL certificate for their domain from 123-reg (who the domain was bought from).
the website is hosted by themselves on a Windows 2003 Server running IIS6 (yes i know).

the cert has come thru from 123-reg and the end result of their instructions give 2 files

yourdomain.crt
gs_intermediate_ca.crt

unfortunately the instructions 123-reg provide for IIS6 seem to be a little vague (approaching wrong).
https://www.123-reg.co.uk/support/ssl-certificates/installing-your-ssl-iis-5-iis-6/

i'm fine up until step 7, but step 8 is where it goes amiss.
it doesn't say which of the two files should be applied here, and anyway IIS seems to be wanting a .cer file rather than a .crt file.

anyone assist?
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: SSL certificate from 123-reg on IIS6
« Reply #1 on: May 17, 2018, 03:51:47 PM »

certificate response file probably means the main certificate not the CA.

What you may need to do is merge both certificates into one file if IIS does not support having 2 certificates added.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: SSL certificate from 123-reg on IIS6
« Reply #2 on: May 17, 2018, 03:54:36 PM »

well i don't know if IIS supports it or not.
as you can see, the instructions from 123-reg don't appear to be correct.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: SSL certificate from 123-reg on IIS6
« Reply #3 on: May 17, 2018, 05:59:57 PM »

yes they omit how to add the CA which is why I suggested to merge the file and just add the merged file, I have no experience with using windows to host websites.
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: SSL certificate from 123-reg on IIS6
« Reply #4 on: May 17, 2018, 08:43:42 PM »

Hi

You can rename your domain.crt to your domain.cer and use that

The .ca.crt needs adding into trust but not got time to show pics or do a full run out. If I have time tomorrow I will and post for you

The only issue which you may be aware of, is TLS and it may not work well with TLSv1.2

Many thanks

John
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: SSL certificate from 123-reg on IIS6
« Reply #5 on: May 17, 2018, 09:00:02 PM »

You can rename your domain.crt to your domain.cer and use that
The .ca.crt needs adding into trust but not got time to show pics or do a full run out. If I have time tomorrow I will and post for you

that would be helpful thanks
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: SSL certificate from 123-reg on IIS6
« Reply #6 on: May 18, 2018, 09:35:27 AM »

Hi Chenks

Please see run down for CA crt trust for IIS6

Many thanks

John

click Run
Type in MMC and press Enter
Click OK
click File - Add/Remove Snap-in
Click Add
Select Certificates
Click Add
Select Computer Account
Click Next
Select Local Computer
Click Finish
In the snap-in list window, click Close
In the Add/Remove Snap-in Window, click OK
On the left pane, expand the 'Intermediate Certification Authorities' folder
Right-Click on the 'Certificates' folder
Select All Tasks > Import
In the Certificate Import Wizard, click Next
Click Browse and navigate to the Intermediate CA Certificate File
Click Next
Select 'Place all certificates in the following store'
If necessary, browse and select 'Intermediate Certification Authorities'
Click OK
Click Next
Click Finish
Close the MMC
reboot server
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: SSL certificate from 123-reg on IIS6
« Reply #7 on: May 18, 2018, 09:40:06 AM »

ok, is that for the gs_intermediate_ca.crt file?

and the yourdomain.crt file, i can rename to yourdomain.cer and then import that via IIS directory security?
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: SSL certificate from 123-reg on IIS6
« Reply #8 on: May 18, 2018, 09:45:22 AM »

Hi Chenks

Yes, the above for gs_intermediate_ca.crt

for the cert itself, you rename yourdomain.crt to yourdomain.cer, then follow 123-reg instructions to finish the CSR.

You can do both these before rebooting server

Many thanks

John
Logged
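
An added check, not part of the original posts: a .crt or .cer file holds the same X.509 certificate either as Base64 (PEM) text or as binary DER, so renaming it changes nothing, and the SHA-1 of the DER bytes is the "Thumbprint" that the Certificates snap-in displays. The function names are hypothetical, and the two byte strings are constructed stand-ins rather than real certificates.

```python
import base64
import hashlib
import re
import sys

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_certs(data: bytes) -> list:
    """Return the DER bytes of every certificate in a .crt/.cer file."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:  # Base64 (PEM) text, possibly several certificates merged
        return [base64.b64decode(b"".join(b.split())) for b in blocks]
    if data[:1] == b"\x30":  # binary DER starts with an ASN.1 SEQUENCE tag
        return [data]
    raise ValueError("not a PEM or DER certificate file")

def thumbprints(data: bytes) -> list:
    """SHA-1 of each DER certificate, shown by Windows as 'Thumbprint'."""
    return [hashlib.sha1(der).hexdigest() for der in load_certs(data)]

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in the Base64 text form."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

# Constructed stand-ins for yourdomain.crt and gs_intermediate_ca.crt
# (placeholder bytes, not real certificates).
SITE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
CA_DER = b"\x30\x82\x01\x00" + bytes(reversed(range(256)))
MERGED = to_pem(SITE_DER) + to_pem(CA_DER)  # a merged file as suggested in Reply #1

if __name__ == "__main__":
    # Usage: python certcheck.py yourdomain.cer gs_intermediate_ca.crt
    for name in sys.argv[1:]:
        with open(name, "rb") as handle:
            for number, thumb in enumerate(thumbprints(handle.read()), 1):
                print(f"{name} certificate {number}: {thumb}")
```

Comparing the printed values with the Thumbprint field in the snap-in confirms which file ended up in which store.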

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: SSL certificate from 123-reg on IIS6
« Reply #9 on: May 18, 2018, 09:49:45 AM »

ah. so a reboot is required after they have been applied.
i'll need to schedule that in then outside normal hours.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: SSL certificate from 123-reg on IIS6
« Reply #10 on: May 18, 2018, 02:59:02 PM »

i've applied both files and will schedule a reboot tonight.
i've tested https://www.blah.com without the reboot and it's correctly loading and showing as secured, so all seems OK so far.

obviously we have ended up with two instances of the domain - the HTTP and the HTTPS version.
can IIS be set to push any user on to HTTPS should they put HTTP when entering the URL?
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: SSL certificate from 123-reg on IIS6
« Reply #11 on: May 18, 2018, 03:44:51 PM »

i think i may have worked it out.

basically change port 80 to something else on the existing site in IIS (port 82 for example).
add a new site with the same hostname on 80, set it to HTTP redirect to https://www.blah.com (set to permanent).
it kind of works, but don't know if that is the "Best practice" to do it in IIS6.
Logged
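
An added example, not from the thread: a small audit of the redirect setup described in the last post, checking that port 80 answers with a permanent redirect to the HTTPS site and that the original site, moved to another port, is not still handing out pages over plain HTTP. The function names are hypothetical, and the sample observations are constructed; the 200 on the moved port is an assumption about that setup, not something reported in the post.

```python
import http.client
from urllib.parse import urlsplit

def fetch(host, port, path="/", timeout=5):
    """Plain-HTTP GET; returns (status, Location header) or None if nothing answers."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def audit(host, port80, moved=None):
    """Return a list of findings; port80 and moved are fetch() results."""
    findings = []
    if port80 is None:
        findings.append("port 80: no answer, so HTTP visitors are not redirected")
    else:
        status, location = port80
        target = urlsplit(location or "")
        if status not in (301, 308):
            findings.append(f"port 80: status {status} is not a permanent redirect")
        if target.scheme != "https":
            findings.append(f"port 80: Location {location!r} is not an https:// URL")
        elif target.hostname != host:
            findings.append(f"port 80: redirects to a different host, {target.hostname}")
    if moved is not None and 200 <= moved[0] < 300:
        findings.append("moved site: content is still served over plain HTTP")
    return findings

# Constructed observations (not real captures), using the thread's placeholder host.
AS_DESCRIBED = audit("www.blah.com", (301, "https://www.blah.com/"), (200, None))
TEMPORARY = audit("www.blah.com", (302, "https://www.blah.com/"))

if __name__ == "__main__":
    import sys
    host, moved_port = sys.argv[1], int(sys.argv[2])  # e.g. www.blah.com 82
    for line in audit(host, fetch(host, 80), fetch(host, moved_port)) or ["ok"]:
        print(line)
```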
 
