Monday, November 22, 2010

Deleted SSL Certificate Request - Recreate Request

After importing a new certificate, I deleted it because the friendly name was blank. (Little did I know that was a known error with a simple fix.) However, I figured I had done something wrong when I installed it, so I deleted the certificate, which left me with no pending certificate request to complete the install again.

So now, I had to either contact the CA and re-process the request, or somehow get my pending request back. I went for 'get my pending request back'.

After googling for this info, I was able to find some help on this. So these are the steps I did to accomplish this. (Windows 2008 Server/IIS 7)


1. Click Start, point to Run, type cmd, and then click OK.

2. Navigate to the directory where Certutil.exe is stored; by default, this is %windir%\system32.

3. Type the following command at the command prompt: certutil -addstore my "C:\junk\www_sitename_com.cer" (A little note: "my" is part of the command; at first I thought it was part of an example name.)

You should see the following message somewhere in the output that follows: CertUtil: -addstore command completed successfully.

4. Get the Thumbprint of the certificate.

5. Start - type 'mmc'. File - Add/Remove Snap-in. Add Certificates, select Local Computer.

6. Next, go to: Certificates - Certificate Enrollment Requests - Certificate. Double-click the certificate.

7. Go to the Details tab, scroll down, copy the weird thumbprint value, paste into Notepad for reference.

8. Return to the Command prompt, type the following command: certutil -repairstore my "xx dd xx xx oo" (include your own thumbprint value in double quotes.)

Go back to the IIS and follow the steps to Complete Certificate request.

And, btw, don't forget to go back to the IIS manager and select the new certificate for the SSL/HTTPS binding for the site.
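The certutil steps above can also be run as one script that checks the result. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt, reads the thumbprint from the issued .cer file rather than copying it from the MMC Details tab, and uses the post's file path as a placeholder.

```powershell
# Added example: scripted form of the certutil steps above (run elevated).
# $CerPath is a placeholder; point it at the certificate file your CA issued.
param(
    [string]$CerPath = 'C:\junk\www_sitename_com.cer'
)

$ErrorActionPreference = 'Stop'

# Load the issued certificate from disk and read its thumbprint.
# Assumption: this replaces copying the value by hand from the MMC Details tab.
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$thumb  = $issued.Thumbprint
Write-Host "Subject:    $($issued.Subject)"
Write-Host "Thumbprint: $thumb"
Write-Host "Expires:    $($issued.NotAfter)"

# Step 3: add the certificate to the Local Computer "my" (Personal) store.
certutil -addstore my $CerPath
if ($LASTEXITCODE -ne 0) {
    throw "certutil -addstore failed with exit code $LASTEXITCODE"
}

# Step 8: ask certutil to re-link the certificate to its private key.
# This can only succeed if the key generated with the original request
# still exists on this machine.
certutil -repairstore my $thumb
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE"
}

# Verify the outcome instead of trusting the console message alone.
$cert = Get-Item "Cert:\LocalMachine\My\$thumb"
if ($cert.HasPrivateKey) {
    Write-Host "Private key is linked. Select this certificate in the IIS HTTPS binding."
} else {
    Write-Warning "No private key is linked to $thumb. The key is not on this machine; the certificate must be re-issued from a new request."
}
```

If the final check reports no private key, IIS will not offer the certificate for an HTTPS binding, and repeating the repair will not change that.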

Monday, November 15, 2010

IIS 7 Secure Files Type like .txt or .html

I've had a .NET 2.0/IIS 4 site running for a long time that was to provide access to documents, but the documents were to be categorized and secured. I did my best to obscure the file structure and document names and not allow bot files in. But I was never quite satisfied with this because you could not fully secure the files such as .doc, or .txt. There was potential to serve up these pages, very annoying.

My understanding of the IIS 7.0/4.0 Integrated Pipeline is that you can secure files other than .aspx. I started using IIS 7 months ago, but never really understood what this new integrated pipeline could do for me until recently. I had to dig to even figure this out on my own. sigh...

Anyhow, by putting your site in 4.0 Integrated Pipeline mode and adding a few configuration lines to a "Form secured site", you can now require security on those "other" file types. Yes, just what I needed!

It was pretty simple, and I am hoping I'm right on with my understanding. If I'm wrong please let me know!!

I just modified the Application Pool to use 4.0 Integrated Mode. Then added the following lines to the web.config, inside the system.webServer tag:

<modules>
  <!-- Re-adding each module without a preCondition attribute makes it run
       for every request, including static files such as .txt and .html. -->
  <remove name="FormsAuthenticationModule" />
  <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
  <remove name="UrlAuthorization" />
  <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
  <remove name="DefaultAuthentication" />
  <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>