Question about Microsoft Windows Server Standard 2003 for PC

1 Answer

Binding SSL certificates using command line.

Is there a way to implement a SSL certificate using CLI on Windows 2003 server (IIS 6.0)?

Posted by on

  • Jorge Alexandres
    Jorge Alexandres Mar 18, 2009

    Yes, I've downloaded the IIS Resources, the IISCerDeploy.vbs script will work to deploy certificates from the command prompt, the certificate request will need to have been generated in the server.

×

1 Answer

  • Level 1:

    An expert who has achieved level 1.

    MVP:

    An expert that got 5 achievements.

    Governor:

    An expert whose answer got voted for 20 times.

    Hot-Shot:

    An expert who has answered 20 questions.

  • Contributor
  • 22 Answers

Hello!

As far as I know, there isn't an easy way of doing this. I've always just deployed certificates using the GUI interface of Internet Information Services. However, your question is a good one, and would be a very handy thing as systems that just run in the command line like Server 2008 in certain configurations run with better performance and less surface area. Great thinking! So I started looking around.

All I could find was the following article, which we know how to implement in the interface.

How to implement SSL or TLS secure communications

Pay close attention to paragraph 3, it looks like it hints towards a few different command line options. Then I found the article below.

IIS 6.0 Resource Kit Tools

IIS Cert Deploy VBS is the closest thing I can find to doing something like what you're describing. It looks like a sample file is included in the kit, and you may find some other options available to you as well in those command line executables included in the IIS kit.

That's the only information I can provide you with unfortunately! I wish I could give you more information because you raise a great point in being able to add a certificate within the command line. I searched around Microsoft knowledgebase articles for awhile and couldn't find anything related except for those links there. You can generate a certificate in the command line, I found a few articles on that, and I believe they mention it in the first link I gave you as well. But as far as implementing to a certain site, that seems to be the part where an interface is required unless that VBS script does anything for you.

Best of luck!

Posted on Mar 18, 2009

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

SSL certificate error : SSLPassPhraseDialog builtin is not supported on Win32 . Please Help


Generate Keyopenssl genrsa -des3 -out startssl.key 2048Remove Pass Phraseopenssl rsa -in startssl.key -out server.key
Generate CSRopenssl req -new -key server.key -config "c:\xampp\apache\openssl.cnf" -out server.csr Configure it
give csr at startssl and get certificate and run ... BEST OF LUCK
Useserver.key and certificate u got

Dec 31, 2011 | Operating Systems

1 Answer

How to configer email address in lotus notes


From what provider are you trying to configure email?If its gmail,

1. Create a Lotus Notes database file to store your POP emails: Lotus Notes does not create a file automatically as Thunderbird or other mail clients do but you have to manually point the mails to flow to a file that is already existing.
2. In the local Address Book, create two accounts for accepting incoming email and sending outgoing email on Gmail. Names are not important but the configuration on the two accounts is!
Account document for Incoming Gmail:
The Basics tab
a. Account name: Can be anything (I chose In Gmail)
b. Account server: pop.gmail.com
c. Login Name: Your gmail email address (complete with the @gmail.com)
d. Password: Your password
e. Protocol: POP
f. SSL: Enabled
g. Only from Location(s): Doesn't matter. Although I would recommend creating a location document specific for Gmail if you are also using Domino Server. I chose creating a location (Gmail).
Protocol Configuration tab: There is only one field here and it doesn't matter what you do with it.
Advanced Tab: This is the most important tab.
a. Port Number: 995
b. Accept SSL site certificates: Yes (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
c. Accept expired SSL certificates: Yes. (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
d. Send SSL certificates when asked (outbound connections only): No.
e. Verify account server name with remote server's certificate: Disabled
f. SSL protocol version: V3.0 with V2.0 handshake
3. Click on Save and Close to save the document and exit. Now you will need to create another account document to handle the outgoing email.
Account document for Outgoing Gmail:
The Basics Tab
a. Account Name: Can be anything. I chose Out Gmail
b. Account server name: smtp.gmail.com
c. Login Name: Your gmail email address (complete with the @gmail.com)
d. Password: Your password
e. Protocol: SMTP
f. SSL: Enabled
g. Only from Location(s): Doesn't matter. Although I would recommend creating a location document specific for Gmail if you are also using Domino Server. I chose creating a location (Gmail).
Advanced Tab: This is the most important tab.
a. Port Number: 587 or 465 (Both are SSL port and both work)
b. Accept SSL site certificates: Yes (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
c. Accept expired SSL certificates: Yes. (Most of the articles on the web tell you to choose No here. But it does work. Trust me. I have tried it)
d. Send SSL certificates when asked (outbound connections only): No.
e. Verify account server name with remote server's certificate: Disabled
f. SSL protocol version: V3.0 with V2.0 handshake
4. Once these two documents are created, I would recommend creating a location document to ensure that you separate your gmail from your other Domino based account on the client. The steps to create are:
5. In the same local Address Book, choose New --> Location
Basics Tab:
a. Location Type: Local Area Network
b. Location Name: Can be anything (I chose Gmail)
c. Internet Mail Address: Your gmail email address
Leave the rest as it is.
Servers Tab:
a. Home/Mail server: pop.gmail.com
Leave the rest as it is.
Ports tab: No changes (ensure TCPIP is checked)
Mail Tab (Most important):
a. Mail file location: Local
b. Mail file: My Gmail.nsf (whatever you created in step 1 above).
Update: A couple of readers pointed out that I had missed an important step in the configuration how-to. So here it is. Step C has been added to include the missed step.
c. Internet domain for Notes addresses when connecting directly to the Internet: gmail.com
d. Send Outgoing mail: directly to Internet
Leave the rest of the fields as it is.
6. There is no need to change the rest of tabs. Click on Save and Close to create the document.
Change to the the new location and you will see Gmail getting downloaded in the mail file you created.

Jul 27, 2010 | Microsoft Windows XP Professional

1 Answer

Certificate erro: navigation blocked, what can I do to fix it


This normally means that the web site you are going to is using a SSL certificate to identify itself and to encrypt any data that is transferred between the server and your browser.

The certificate is probably out of date or it is being used on a site with a different name that it was originaly issued to.

This could mean that the web site is a fake or up to no good.

If you trust the web site and want to go there anyway You need to tell your web browser to allow you to go there. How you do this depends on the browser you are using. If I assume you are using Internet Explorer you can go into Tools -> Internet Options -> Security Options -> Trusted Sites -> Sites.

You can add this site to your trusted sites list. But you need to know that this site really can be trusted.

I would be more inclined to figure out why their certificate is being blocked. Send a message to the company that owns the page.

Hope this helps.

Aug 15, 2009 | Microsoft Operating Systems

1 Answer

Server certificate


When an SSL certificate is created, the address that will be used to connect to the web page is specified. (www.mywebpage.com) If you are connecting to the IP address of the website, it will tell you that the addres that you have gone to, and the site on teh certificate don't match. There are also some problems with forwarding domain names improperly. what address are you trying to go to, and what exactly does the error say? I have a DI-614, and have never had a problem getting to Secure sites.

Feb 10, 2009 | Microsoft Windows Vista Ultimate Edition

1 Answer

Active Directory in 2003 server


If active Directory is not in administrative tools then it is likely that the machine is not configrued as a domain controller. You will need to add this as a role through server manager. Once configured as a domain controller Active Directory will appear under admin tools

Jan 12, 2009 | Microsoft Windows Server Standard 2003 for...

1 Answer

My live messenger


Here are suggestions from the Microsoft WLM group: Clear the SSL Cache:
Start Microsoft Internet Explorer.
On the Tools menu, click Internet Options, and then click the Content tab.
Under Certificates, click Clear SSL State.
When you receive the message that states that the SSL cache was cleared successfully, click OK.
Clear the temporary Internet Files:
Start Microsoft Internet Explorer.
On the Tools menu, click Internet Options, and then click the General tab.
Under "Temporary Internet Files", click on "Delete Files".
Check "Delete Offline content" and click on OK twice.
Reregister SSL security libraries. To do this, click Start, click Run, and type in each command below and hit ENTER.
Note: After each command is executed successfully, you will receive a "DllRegisterServer succeeded" message. Wait until you receive this message before you continue to the next command:
REGSVR32 softpub.dll
REGSVR32 wintrust.dll
REGSVR32 initpki.dll
REGSVR32 Rsaenh.dll
REGSVR32 Mssip32.dll
REGSVR32 Cryptdlg.dll
REGSVR32 Dssenh.dll
REGSVR32 Gpkcsp.dll
REGSVR32 Slbcsp.dll
REGSVR32 Sccbase.dll
Remove all Microsoft related entries from the "Untrusted Publishers" list.
Open Internet Explorer.
Click on the Tools menu followed by Internet Options.
Go to Content tab.
Choose Certificates.
Go to Untrusted Publishers tab.
Delete all the entries in Untrusted Publishers that have Microsoft Corporation under the "Issued to" list.
Adjust your Microsoft Internet Explorer security settings:
Start Internet Explorer.
On the Tools menu, click Internet Options, and then click the Advanced tab.
In the Security section, make sure that all the following check boxes are selected:
Clear the Check for server certificate revocation check box.
Use SSL 2.0
Use SSL 3.0
Verify the date and time settings on your computer:
Click Start, click Run and type in control timedate.cpl and hit ENTER.
Verify that the date and time settings are set correctly.
Clear the entry in the Hosts file:
Click Start, click Run and type %windir%\system32\drivers\etc and hit ENTER.
In the Microsoft Windows Explorer folder window that opens, look for the Hosts file.
Right-click the Hosts file, click Open with, and then click Notepad.
Delete any entries that relate to the passport.com domain, such as Loginnet.passport.com, LoginMSNIA.passport.com, or Login.passport.com, passport.net
Save and then close the Hosts file.
Clear the DNS cache:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type ipconfig /flushdns, and then press ENTER. This command flushes all the DNS entries that have been cached.
Restart the computer and try to sign into Messenger again.
If you are running a firewall, and if the computer is running third-party (non-Microsoft) software or firewall software, such as ZoneAlarm, Norton Internet Security, or McAfee, make sure that the software is set to let Windows Live Messenger operate, and then try to sign in to MSN Messenger again.


This was not my solution credit goes to the Microsoft WLM group


-Blazamane


Dec 13, 2008 | Microsoft Windows XP Professional for PC

1 Answer

Error code:12045 in windows vista


is this he first time that you received that problem/error?
some sites have security/authorization/ certification before you can sign in..
***This error occurs when the client does not know about the certificate authority that issued the server certificate. The problem may be corrected by installing the certificate authority's root certificate. A list of all installed certificates can be viewed from Internet Explorer. From the View menu, click Internet Options, click the Content tab, and click Authorities.

>> for more info go to support.microsoft.com

Jul 17, 2008 | Microsoft Windows Vista Ultimate Edition

8 Answers

Message Sending from windows 2003 server


GO TO YOUR EXPRESS AND REPLY ALL. MAILS TO EVERYONE IN YOUR BOOK.

Jan 21, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

2003 problem


Hi It depend what you want to do.Both course is good. CCNA: The Cisco CCNA network associate certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. This new curriculum includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills. This new curriculum also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol Frame Relay, Routing Information Protocol Version 2 (RIPv2),VLANs, Ethernet, access control lists (ACLs) More information about CCNA: http://cisco.com/web/learning/le3/le2/le0/le9/learning_certification_type_home.html MSCE: Read this will help you decide. http://www.microsoft.com/learning/mcp/mcse/windows2003/default.mspx Good Luck.

Sep 15, 2007 | Microsoft Windows Server Standard 2003 for...

Not finding what you are looking for?
Microsoft Windows Server Standard 2003 for PC Logo

565 people viewed this question

Ask a Question

Usually answered in minutes!

Top Microsoft Operating Systems Experts

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Scott Fryer

Level 2 Expert

80 Answers

Carlos L. Burgos
Carlos L. Burgos

Level 2 Expert

508 Answers

Are you a Microsoft Operating System Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...