CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IIS6 Cosign installer

If anybody else notices that the installer doesn't create a private key and certificate signing request, please let me know. I went through a fresh install process and was unable to create this behavior.

However, if the installer happens to fail to create your key and csr, all is not lost. You can still do it manually and it's pretty straightforward.

An addendum to the instructions below (found in the readme.txt file): you will need to edit the umconfig.cfg before generating the csr! After opening umconfig.cfg it should be pretty clear what to change. (For example: replace INSERTSTATE with Michigan or Pennsylvania. :) Since umconfig.cfg will be edited directly you will not be prompted to enter this info as described in step 3. Also, replace all references below to U-M and with your organization. Sorry this hasn't been generic-ified yet.


+--== Using Openssl.exe to create certificates ==--+

If you skipped the auto-generating cert feature of the installer you can
still use the openssl utility to do this.

1) Open a command prompt and cd to your IISCosign folder.  Assuming you
  opted to install the openssl component you should see the openssl
  executable in this folder.

2) Run the following commands:

openssl genrsa 1024 > [].key

openssl req -new -config umconfig.cfg -key [].key -out [].csr

3) When prompted for information, please provide the appropriate data. The
  common name will be the name of your server and the contact e-mail
  should be the e-mail of the person to be notified when the certificate
  is about to expire.

4) Send an e-mail to webmaster@xxxxxxxxxx Cut-and-paste the contents of the
  *.csr file into your e-mail.

5) Place the UmWebCA.pem file, *.key file you generated, and the *.cert file
you receive from the webmaster into your C:\[cosign path]\SSL\ folder.

6) Update your XML configuration file to point to these files.

The CAFilePath item points to the umwebca.pem file.

   The ChainFilePath item specifies the [yourservername].cert file that you
   received from the U-M webmaster.

   The PrivateKeyFilePath item points to the [yourservername].key private
   key file that you generated. Be sure to include the full path such as
    C:\Program Files\CosignFilter\SSL\servername.key.

7) See +What to do next+ section of this readme.

--On Thursday, October 07, 2004 6:41 AM -0400 Konstantin Voyk <kvoyk@xxxxxxxxx> wrote:

Jarod, This is new installation and I ran certificate creation wizard but I dind't get any *.key or *.csr files in installation IISCosign folder and appropriate subfolders. I did it twice. Konstantin.

-----Original Message-----
From: jarod@xxxxxxxxxxxxxx [mailto:jarod@xxxxxxxxxxxxxx] On Behalf Of
Jarod Malestein
Sent: Wednesday, October 06, 2004 4:43 PM
To: Konstantin Voyk; cosign-discuss@xxxxxxxxx
Subject: Re: IIS6 Cosign installer

Were you upgrading from a previous version of IISCosign or were you installing on a machine that did not have an earlier version of IISCosign?

The files that should be created by the installer, assuming you go
through  the automatic cert creation, are a certificate signing request
(*.csr) and  a private key (*.key).


--On Wednesday, October 06, 2004 7:48 AM -0400 Konstantin Voyk
<kvoyk@xxxxxxxxx> wrote:

> Hi everybody,
> I downloaded and ran new installer IISCosignInstaller 1.1.0 RC1. I
> passed installation    and creation certificate request part but didn't
> find any .cer file in IISCosing folders. Is it bug there in
> installation package or I did something wrong?
> Thank you,
> Konstantin Voyk.
> LawIT

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010