cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IIS6 Cosign installer
If anybody else notices that the installer doesn't create a private key and
certificate signing request, please let me know. I went through a fresh
install process and was unable to create this behavior.
However, if the installer happens to fail to create your key and csr, all
is not lost. You can still do it manually and it's pretty straightforward.
An addendum to the instructions below (found in the readme.txt file): you
will need to edit the umconfig.cfg before generating the csr! After
opening umconfig.cfg it should be pretty clear what to change. (For
example: replace INSERTSTATE with Michigan or Pennsylvania. :) Since
umconfig.cfg will be edited directly you will not be prompted to enter this
info as described in step 3. Also, replace all references below to U-M and
umich.edu with your organization. Sorry this hasn't been generic-ified yet.
+--== Using Openssl.exe to create certificates ==--+
If you skipped the auto-generating cert feature of the installer you can
still use the openssl utility to do this.
1) Open a command prompt and cd to your IISCosign folder. Assuming you
opted to install the openssl component you should see the openssl
executable in this folder.
2) Run the following commands:
openssl genrsa 1024 > [server.name.umich.edu].key
openssl req -new -config umconfig.cfg -key [server.name.umich.edu].key -out
3) When prompted for information, please provide the appropriate data. The
common name will be the name of your server and the contact e-mail
should be the e-mail of the person to be notified when the certificate
is about to expire.
4) Send an e-mail to webmaster@xxxxxxxxxx Cut-and-paste the contents of the
*.csr file into your e-mail.
5) Place the UmWebCA.pem file, *.key file you generated, and the *.cert
you receive from the webmaster into your C:\[cosign path]\SSL\ folder.
6) Update your XML configuration file to point to these files.
The CAFilePath item points to the umwebca.pem file.
The ChainFilePath item specifies the [yourservername].cert file that you
received from the U-M webmaster.
The PrivateKeyFilePath item points to the [yourservername].key private
key file that you generated. Be sure to include the full path such as
7) See +What to do next+ section of this readme.
--On Thursday, October 07, 2004 6:41 AM -0400 Konstantin Voyk
This is new installation and I ran certificate creation wizard but I
dind't get any *.key or *.csr files in installation IISCosign folder and
appropriate subfolders. I did it twice.
From: jarod@xxxxxxxxxxxxxx [mailto:jarod@xxxxxxxxxxxxxx] On Behalf Of
Sent: Wednesday, October 06, 2004 4:43 PM
To: Konstantin Voyk; cosign-discuss@xxxxxxxxx
Subject: Re: IIS6 Cosign installer
Were you upgrading from a previous version of IISCosign or were you
installing on a machine that did not have an earlier version of IISCosign?
The files that should be created by the installer, assuming you go
through the automatic cert creation, are a certificate signing request
(*.csr) and a private key (*.key).
--On Wednesday, October 06, 2004 7:48 AM -0400 Konstantin Voyk
> Hi everybody,
> I downloaded and ran new installer IISCosignInstaller 1.1.0 RC1. I
> passed installation and creation certificate request part but didn't
> find any .cer file in IISCosing folders. Is it bug there in
> installation package or I did something wrong?
> Thank you,
> Konstantin Voyk.