|
|
|
|
Technical Support |
|
[ Contact us 24x5 ] |
|
|
Microsoft IIS4 faqs |
|
|
|
| Choose from our detailed faqs below: |
|
|
|
|
|
|
|
|
| Choose from our detailed faqs below: |
|
|
| To generate a private key and CSR on Microsoft IIS 4.0 please the read instructions in the following link: http://www.thawte.com/ssl-digital-certificates/technical-support/keygen/iis4_keygen.html
|
|
|
| To backup a private key on Microsoft IIS 4.0 follow the instructions in the following link: http://www.thawte.com/ssl-digital-certificates/technical-support/backup.html
|
|
|
| To install a Web Server Certificate on IIS 4.0 follow these instructions: http://www.thawte.com/ssl-digital-certificates/technical-support/iis4_install.html
To install a SGC SuperCert on IIS 4.0 follow these instructions:http://www.thawte.com/ssl-digital-certificates/technical-support/iis4_install.html
To install a SSL123 Certificate on IIS 4.0 follow these instructions: http://www.thawte.com/ssl-digital-certificates/technical-support/iis4_install.html
To install a SSL Web Server Wildcard Certificate on IIS 4.0 follow these instructions:
http://www.thawte.com/ssl-digital-certificates/technical-support/iis4_install.html
|
|
|
If the CSR and private key was created under the SMTP Service instead of the WWW Service on Microsoft IIS 4.0 then it can be moved to the WWW Service using the following instructions:
To export the certificate and private key:
1. Go into Key manager within Microsoft IIS 4.0
2. Select the keypair under the SMTP service
2. Export the private key and certificate keypair by going to Key > Export Key> Backup File.
3. The default format is a .key file.
4. Store the exported key in secure location like a disk. It is important to make a copy of the private key that does not reside on the actual server, in the event that the server crashes
To import the keypair backup file:
1. Go into Key manager within Microsoft IIS 4.0
2. Select the WWW service.
3. From the Key menu in Key Manager, choose Import Key and then Backup File.
4. Select the .key backup file name from the list, and click Open.
5. Enter the private key password and proceed to import the file.
6. The keypair is now installed under the WWW service. Please assign a unique ip address and enable port 443 in the key bindings.
|
|
|
| Moving to another server is not as easy as simply moving the certificate. It depends on whether you can:
|
| 1. Export your private key from your current ISP/server in a standard format; and
|
| 2. Import the private key into the new server.
|
| If you are moving the certificate from one server to an installation of the same server type then your chances are quite good. But if you are moving the certificate and private key from one web server type to another, then the chances of moving the private key are minimal.
|
| There are some workarounds you can perform to try and accomplish the conversion of a private key from one server format to another. We do not guarantee these 'fixes', however, they may save you the trouble of requesting a new certificate or a reissue.
|
| Below are some of the most common certificate moves between server using a Microsoft IIS 4.0 web server:
|
| To move a certificate from IIS 4.0 to IIS 4.0 follow these instructions: SO496
|
| To move a certificate from IIS 4.0 to IIS 5.0 follow these instructions: SO188
|
| To move a certificate from IIS 4.0 to Apache follow these instructions: SO856
|
| To move a certificate from IIS 4.0 to IIS 6.0 follow these instructions: SO1700
|
|
|
| To troubleshoot your Microsoft IIS 4.0 SSL Connectivity follow the instructions in the following Knowledge Base solution: SO321
|
|
|
| IIS 4.0 Errors: |
|
|
|
There are a number of reasons for this error message. To troubleshoot this error, go through all the options below:
1. Using the incorrect password for the private key
To install a certificate successfully without receiving this error message, enter the correct password when prompted. The password is case sensitive, so make sure that Caps lock isn't activated.
To resolve this problem follow the instructions in the following Knowledge Base solution: SO4189
2. Specifying two text files when installing the certificate. Instead of the private key and the certificate
When installing a certificate in Microsoft IIS 4.0 you need two files. A private key file, which is in a key file format and a certificate file, which is a text (.txt) format. This error message can occur if you are specifying two text files and not a text file and a key file.
Usually the CSR and certificate are imported causing this error message. The CSR and certificate are both public key files. If you cannot find the private key please reissue your certificate using the instructions in the following Knowledge Base solution: SO470
3. The private key was generated using Apache.
If you generated your private key using Apache, and have transferred it over to a Microsoft IIS 4.0 machine, you must convert the key to a format Microsoft IIS 4.0 will understand, before you can import it.
To resolve this problem follow the instructions in the following Knowledge Base solution: SO7409
4. Installing the certificate on the incorrect key.
If you are absolutely certain the pass phrase is correct, you will also get this error if you try to install the certificate on the wrong private key. Check any other keys you have in the Key Manager, to see if the certificate installs.
To resolve this problem follow the instructions in the following Knowledge Base solution:
SO4190
5. If you are sure the pass phrase is correct, then the error is being caused by a bug in the schannel.dll file that your server uses to store the key pass phrase.
To resolve this you have to install a hot fix that Microsoft has released for this bug:
You can download a corrected keyring.exe file for US and most country specific versions of Microsoft NT 4.0. You should not run this fix for the French version of Microsoft NT 4.0.
a. Download the Microsoft hot fix. The hot fix can be downloaded from the following link: http://www.thawte.com/html/SUPPORT/keygen/capi2fix.zip
b. Unzip the file.
c. There are 6 files in total. All you need is the "keyring.exe" file
for your architecture.
d. Stop IIS.
e. Backup your "C:\winnt\system32\inetsrv\keyring.exe" file.
f. Copy the new file to that location.
g. Start IIS and install the certificate.
|
|
|
| This error occurs because the certificate format is incorrect. Please ensure that there are no spaces in between the lines in the certificate and that there are no spaces before and after the certificate. You can manually press "delete" at the end of each line of the certificate and then submit it.
Please make sure that there are 5 dashes on each side of Begin and End Certificate, -----Begin Certificate----- / -----End Certificate-----.
|
|
|
| This error message occurs for 2 reasons:
1. Certificate format is incorrect
Please ensure that there are no spaces in between the lines in the certificate and that there are no spaces before and after the certificate. You can manually press "delete" at the end of each line of the certificate and then submit it.
Please make sure that there are 5 dashes on each side of Begin and End Certificate, -----Begin Certificate----- / -----End Certificate-----.
2. If the certificate format is correct then the error is being caused by a bug in the Microsoft service packs.
There is a Microsoft fix that can be installed to resolve this problem, follow these instructions to install the fix:
a. Download the Microsoft hot fix. The hot fix can be downloaded from the following link: http://www.thawte.com/html/SUPPORT/keygen/capi2fix.zip
b. Unzip the file.
c. There are 6 files in total. All you need is the "keyring.exe" file
for your architecture.
d. Stop IIS.
e. Backup your "C:\winnt\system32\inetsrv\keyring.exe" file.
f. Copy the new file to that location.
g. Start IIS and install the certificate.
|
|
|
|
There are a number of reasons for this error message. To troubleshoot this error, go through all the options below
1. Attaching the CSR to the private key file instead of the certificate.
To install the certificate, you need to attach the public key (certificate file) to the corresponding private key and not the CSR. Open the file you are using, and check that it is your certificate file and not the CSR file. Please make sure that the file contains the correct header and footer, -----Begin Certificate----- / -----End Certificate-----.
2. Installing the certificate on the incorrect private key file.
To install the certificate, you need to attach the certificate file to the corresponding private key file. To resolve this problem follow the instructions in the following Knowledge Base solution: SO7130
3. Old (expired) certificate is being installed instead of the recently renewed certificate.
This error will occur if the certificate has been recently renewed and the old (expired) certificate is being installed on the new private key file. Please download the renewed certificate and try install the certificate again.
For more Microsoft IIS 4.0 resources please visit our software vendor page at the following link: http://www.thawte.com/support/vendors.html
|
|
|
|
|
|
|
|
