• Internet,  Security

    Follow up to Setting up SSL Certs for IIS 10

    As a follow up to this article from the past, I got email from a reader who gave a link to a useful SSL Checker.

    [visual-link-preview encoded=”eyJ0eXBlIjoiZXh0ZXJuYWwiLCJwb3N0IjowLCJwb3N0X2xhYmVsIjoiIiwidXJsIjoiaHR0cHM6Ly93d3cud2Vic2l0ZXBsYW5ldC5jb20vd2VidG9vbHMvc3NsLWNoZWNrZXIvIiwiaW1hZ2VfaWQiOi0xLCJpbWFnZV91cmwiOiJodHRwczovL2R0MnNkZjBkYjh6b2IuY2xvdWRmcm9udC5uZXQvd3AtY29udGVudC90aGVtZXMvd2Vic2l0ZXBsYW5ldC9pbWcvd2Vic2l0ZXBsYW5ldF9pbWFnZS5wbmciLCJ0aXRsZSI6IkZyZWUgU1NMIENoZWNrZXItT25saW5lIFdlYnNpdGUgQ2VydGlmaWNhdGUgQ2hlY2tlciBUb29sIiwic3VtbWFyeSI6Ikp1c3QgZW50ZXIgeW91ciBVUkwgaW50byB0aGlzIGZyZWUgdG9vbCBhbmQgcXVpY2tseSBkZXRlY3QgYW55IGlzc3VlcyB3aXRoIHlvdXIgU1NMIGNlcnRpZmljYXRlIGluc3RhbGxhdGlvbi4gR2V0IHRoZSBmdWxsIGFuYWx5c2lzIGFuZCBleHBpcmF0aW9uIGRhdGUuIiwidGVtcGxhdGUiOiJ1c2VfZGVmYXVsdF9mcm9tX3NldHRpbmdzIn0=”]

    I’ve have used this site (and others) to inspect my SSL deployments. This is handy tool to add to your collection.

    Thanks for the tip Lisa!

    ~ScottGeek

  • Internet,  Security

    Setting up SSL Certs for IIS 10

    So as I enter the world of suffering to get SSL working on some sites… I noticed that most SSL providers (at least the free one I’ve been using) – don’t provide the cert in the file format I need to do just a “import” within IIS. Go figure!

    So what to do?

    Well as it turns out there’s a utility to make the the crt formatted file into a pfx (which is what IIS likes).

    openssl  – look for it on the inter-tubes 

    openssl pkcs12 -export -out anotherCert.pfx -inkey private.key -in certificate.crt

    Another point… I generally use SSL For Free for creating quick free SSL certs- they only last 90 days, but if you want longer lasting Certs… yeap you have to pay for them.

     And finally, hosting multiple sites on a single IP and IIS server, one does need to get specific site SSL certs. The thing to remember to so make sure you select the “Require Server Name” check box as on, in the Bindings config. Otherwise you will get an error when selecting a site SSL cert. The warning message will say something to the effect of the cert being set for all sites being hosted. Ya that’s not what you want of course, as a cert for Site.Name.Domain will get assigned to all the sites being hosted. It’s a simple check box to miss, but it’s important.