Question about Microsoft Windows Server Standard 2003 for PC

1 Answer

Binding SSL certificates using command line.

Is there a way to implement a SSL certificate using CLI on Windows 2003 server (IIS 6.0)?

Posted by on

  • Jorge Alexandres
    Jorge Alexandres Mar 18, 2009

    Yes, I've downloaded the IIS Resources, the IISCerDeploy.vbs script will work to deploy certificates from the command prompt, the certificate request will need to have been generated in the server.

×

1 Answer

  • Level 1:

    An expert who has achieved level 1.

    MVP:

    An expert that got 5 achievements.

    Governor:

    An expert whose answer got voted for 20 times.

    Hot-Shot:

    An expert who has answered 20 questions.

  • Contributor
  • 22 Answers

Hello!

As far as I know, there isn't an easy way of doing this. I've always just deployed certificates using the GUI interface of Internet Information Services. However, your question is a good one, and would be a very handy thing as systems that just run in the command line like Server 2008 in certain configurations run with better performance and less surface area. Great thinking! So I started looking around.

All I could find was the following article, which we know how to implement in the interface.

How to implement SSL or TLS secure communications

Pay close attention to paragraph 3, it looks like it hints towards a few different command line options. Then I found the article below.

IIS 6.0 Resource Kit Tools

IIS Cert Deploy VBS is the closest thing I can find to doing something like what you're describing. It looks like a sample file is included in the kit, and you may find some other options available to you as well in those command line executables included in the IIS kit.

That's the only information I can provide you with unfortunately! I wish I could give you more information because you raise a great point in being able to add a certificate within the command line. I searched around Microsoft knowledgebase articles for awhile and couldn't find anything related except for those links there. You can generate a certificate in the command line, I found a few articles on that, and I believe they mention it in the first link I gave you as well. But as far as implementing to a certain site, that seems to be the part where an interface is required unless that VBS script does anything for you.

Best of luck!

Posted on Mar 18, 2009

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of (from cars to computers, handyman, and even drones).
click here to download the app (for users in the US for now) and get all the help you need.
goodluck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

I keep getting a error message ssl handshake


The SSL handshake is initiated when your browser issues a secure connection request to a Web server. The server sends a public key to your computer, and your computer checks the certificate against a known list of certificate authorities. After accepting the certificate, your computer generates a key, and then encrypts it using the server's public key. If the SSL handshake fails, your connection to the Web server will not be secure, potentially compromising your business communications. If you cannot make a connection to secure sites when the handshake fails, you know the handshake safeguard is working properly. Test your SSL functionality by intentionally causing the handshake to fail.

Other possilbitiy is the SSL is out of date.

Sep 11, 2014 | Computers & Internet

1 Answer

I can't view SSL sites it gives error that your SSL certificate has expired how can i over come this problem


Hello ghulam ali,

SSL certificates are to secure sites, they are issued by Trusted CA's such as Entrust and are sent out through your OS updates (e.g. Windows Updates). You can get the latest update from Microsoft if you are using a Windows based system using the following link: How to get Root Certificate update for Windows

If you are receiving a certificate expired error, this could be caused by the time on your system being incorrect. Make sure that you have the correct time, see the following link for the steps: Microsoft Corporation

If you are still receiving the error after following the steps above, please provide the URL of the site that is giving you the error and I can verify if the certificate is valid.

Mar 31, 2014 | Yahoo Mail

1 Answer

How to install ssl certificate on ACS 32


Installation of a certificate on Cisco ACS Note: ACS only supports PKCS12 certificates. Before installing a certificate, ensure that the certificate is of this type.
To install a signed certificate: Step 1: Choose System Administration > Server Management > Certificate.
The Certificate page appears.
Step 2: Click Install Certificate.
Step 3: On the Install Certificate page, enter values for:
• Server Certificate Format
This is a display-only field, and displays the PKCS12 certificate type.
• Server Certificate File
Enter the path to the local directory in which you saved the certificate file; optionally, click Browse.
• Private Key Password
Enter the private password key, which can be up to 32 characters.
• Confirm Private Key Password
Confirm the private key password.
Step 4: Click Install.
Step 5: To activate the certificate, you must restart all the processes on the ACS View server.
To restart the server from the:
•GUI-Choose System Administration > System Reports > Process Status, and click Restart ACS View Server.
•CLI-Access the CLI in the EXEC mode, and run these commands:
-process stop all
-process start all
regardsSandeep

Mar 08, 2011 | Avocent Cyclades® ACS32 (ATP0156) Server

1 Answer

How to configer email address in lotus notes


From what provider are you trying to configure email?If its gmail,

1. Create a Lotus Notes database file to store your POP emails: Lotus Notes does not create a file automatically as Thunderbird or other mail clients do but you have to manually point the mails to flow to a file that is already existing.
2. In the local Address Book, create two accounts for accepting incoming email and sending outgoing email on Gmail. Names are not important but the configuration on the two accounts is!
Account document for Incoming Gmail:
The Basics tab
a. Account name: Can be anything (I chose In Gmail)
b. Account server: pop.gmail.com
c. Login Name: Your gmail email address (complete with the @gmail.com)
d. Password: Your password
e. Protocol: POP
f. SSL: Enabled
g. Only from Location(s): Doesn't matter. Although I would recommend creating a location document specific for Gmail if you are also using Domino Server. I chose creating a location (Gmail).
Protocol Configuration tab: There is only one field here and it doesn't matter what you do with it.
Advanced Tab: This is the most important tab.
a. Port Number: 995
b. Accept SSL site certificates: Yes (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
c. Accept expired SSL certificates: Yes. (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
d. Send SSL certificates when asked (outbound connections only): No.
e. Verify account server name with remote server's certificate: Disabled
f. SSL protocol version: V3.0 with V2.0 handshake
3. Click on Save and Close to save the document and exit. Now you will need to create another account document to handle the outgoing email.
Account document for Outgoing Gmail:
The Basics Tab
a. Account Name: Can be anything. I chose Out Gmail
b. Account server name: smtp.gmail.com
c. Login Name: Your gmail email address (complete with the @gmail.com)
d. Password: Your password
e. Protocol: SMTP
f. SSL: Enabled
g. Only from Location(s): Doesn't matter. Although I would recommend creating a location document specific for Gmail if you are also using Domino Server. I chose creating a location (Gmail).
Advanced Tab: This is the most important tab.
a. Port Number: 587 or 465 (Both are SSL port and both work)
b. Accept SSL site certificates: Yes (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
c. Accept expired SSL certificates: Yes. (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
d. Send SSL certificates when asked (outbound connections only): No.
e. Verify account server name with remote server's certificate: Disabled
f. SSL protocol version: V3.0 with V2.0 handshake
4. Once these two documents are created, I would recommend creating a location document to ensure that you separate your gmail from your other Domino based account on the client. The steps to create are:
5. In the same local Address Book, choose New --> Location
Basics Tab:
a. Location Type: Local Area Network
b. Location Name: Can be anything (I chose Gmail)
c. Internet Mail Address: Your gmail email address
Leave the rest as it is.
Servers Tab:
a. Home/Mail server: pop.gmail.com
Leave the rest as it is.
Ports tab: No changes (ensure TCPIP is checked)
Mail Tab (Most important):
a. Mail file location: Local
b. Mail file: My Gmail.nsf (whatever you created in step 1 above).
Update: A couple of readers pointed out that I had missed an important step in the configuration how-to. So here it is. Step C has been added to include the missed step.
c. Internet domain for Notes addresses when connecting directly to the Internet: gmail.com
d. Send Outgoing mail: directly to Internet
Leave the rest of the fields as it is.
6. There is no need to change the rest of tabs. Click on Save and Close to create the document.
Change to the the new location and you will see Gmail getting downloaded in the mail file you created.

Jul 27, 2010 | Microsoft Windows XP Professional

1 Answer

While accessing mail i am getting message (error code:ssl_error_rx_record_too_long_


Error code: ssl_error_rx_record_too_long Your SSL website may fail to load and display the error

Error code: ssl_error_rx_record_too_long

This usually means the implementation of SSL on your server is not correct. The error is usually caused by a server side problem which the server administrator will need to investigate.

Below are some things we recommend trying.

- Ensure that port 443 is open and enabled on your server. This is the standard port for https communications.

- If SSL is using a non-standard port then FireFox 3 can sometimes give this error. Ensure SSL is running on port 443.

- If using Apache2 check that you are using port 443 for SSL. This can be done by setting the ports.conf file as follows

— clip —
Listen 80
Listen 443 https
— clip —

- Make sure you do not have more than one SSL certificate sharing the same IP. Please ensure that all SSL certificates utilise their own dedicated IP.

- If using Apache2 check your vhost config. Some users have reported changing <VirtualHost> to _default_ resolved the error.

Mar 18, 2010 | MPC Computers ClientPro 125D PC Desktop

2 Answers

SSL Certificate error:Certificate Mismatch


Go to IIS and right click for the domain where you wish to delete the old certificate associated with it.

Right click website from IIS and click properties. From the Directory Security tab. In The Secure Communications click Server Certificate to open the Webserver Certificate wizard. Click Next and choose "Remove the current certificate". Click next until you follow the end of the wizard.

Jul 20, 2009 | Microsoft Windows Server 2008 Terminal...

1 Answer

I have an IPhone that was purchased recently. It has been fully updated through ITunes. I am trying to connect to a Windows SBS SP2 server. I can connect to other sbs servers just fine. I have compared all...


You have SP2? Is that for Exchange Server or the SBS 2003 OS or both? Make sure you have the latest Service Packs installed for both. I think that's SP2. Exchange Server has to be updated to work with the iPhone. Check that the settings in IIS are the same for Security, Authentication where to use SSL (although different certificate for each server) etc. for OMA, OWA, Exchange etc.

Mar 30, 2009 | Apple iPhone Smartphone

1 Answer

Server certificate


When an SSL certificate is created, the address that will be used to connect to the web page is specified. (www.mywebpage.com) If you are connecting to the IP address of the website, it will tell you that the addres that you have gone to, and the site on teh certificate don't match. There are also some problems with forwarding domain names improperly. what address are you trying to go to, and what exactly does the error say? I have a DI-614, and have never had a problem getting to Secure sites.

Feb 10, 2009 | Microsoft Windows Vista Ultimate Edition

2 Answers

Error message:"Unable to establish a secure connection"


This error can occurs because the VeriSign Certificate Authority (CA) has changed the hashing algorithm that is used for new Secure Sockets Layer (SSL) server certificates from Message Digest 5 (MD-5) to Secure Hash Algorithm 1 (SHA1). A supported fix is now available from Microsoft for Windows CE 2.11 and Pocket Explorer 3.0 this fix can be found at: http://www.microsoft.com/mobile/handheldpc/downloads/128bit.asp Note: After you have downloaded and installed the fix, be sure to soft reset the device.

Sep 14, 2005 | NEC MobilePro 780 Pocket PC

Not finding what you are looking for?
Microsoft Windows Server Standard 2003 for PC Logo

565 people viewed this question

Ask a Question

Usually answered in minutes!

Top Microsoft Computers & Internet Experts

micky dee

Level 3 Expert

2642 Answers

Les Dickinson
Les Dickinson

Level 3 Expert

18375 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Are you a Microsoft Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...