Tuesday, November 22, 2011

Using OpenSSL to create a private CA and SSL server certificate for IIS6 on Windows Server 2003

1. Install OpenSSL

2. Open the OpenSSL prompt (the interactive OpenSSL> shell; from a normal command prompt prefix each command below with openssl) and create the keys and certificates with the following commands.

Create the web server's private key. -des3 encrypts it under a passphrase that you are prompted for here and asked for again every time the key is used below:

genrsa -des3 -out server.key 2048

Create a certificate signing request for that key. -batch fills the subject from the defaults in openssl.cfg without prompting, so first add a commonName_default line in the req_distinguished_name section of that file with the exact host name clients will type in the URL (or drop -batch and enter it at the prompt); with no default the CN is left empty, and with the wrong name every browser warns about a name mismatch:

req -new -key server.key -out server.csr -config C:\OpenSSL-Win32\bin\openssl.cfg -batch

Create the private CA's key and its self-signed certificate, valid for one year. The req section of the default openssl.cfg applies the v3_ca extensions (basicConstraints CA:TRUE), which is what lets this certificate be installed as a root on the clients. Give it a commonName that differs from the server's:

genrsa -des3 -out ca.key 2048

req -new -x509 -days 365 -key ca.key -out ca.crt -config C:\OpenSSL-Win32\bin\openssl.cfg -batch

Sign the server's CSR with the CA. -extensions usr_cert takes the end-entity extensions (basicConstraints CA:FALSE, subject and authority key identifiers) from the usr_cert section of openssl.cfg. -set_serial 01 hard-codes the serial number: when you later reissue a server certificate under the same CA, use a new serial, because Firefox rejects a certificate whose issuer and serial it has already seen on a different certificate. OpenSSL of this era signs with SHA-1 by default; adding -sha256 to this command and to the CA's req -x509 command avoids the SHA-1 warnings current browsers show:

x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extensions usr_cert -extfile C:\OpenSSL-Win32\bin\openssl.cfg

Bundle the server certificate and its private key into the PKCS#12 file that IIS imports. You are asked for the key's passphrase and then for an export password, which you need again on the server. Adding -certfile ca.crt includes the CA certificate so IIS can send the complete chain:

pkcs12 -export -in server.crt -inkey server.key -out server.pfx -name "MyTestCert"


3. Copy server.pfx to the server and import it in IIS Manager: open the web site's Properties, go to the Directory Security tab, click Server Certificate, and in the Web Server Certificate Wizard choose "Import a certificate from a .pfx file", select server.pfx, enter the export password and keep SSL port 443. The private key now lives in the server's machine certificate store, so delete server.pfx from any share or folder it was copied through; the key, not the certificate, is what an attacker needs to impersonate the site.


4. Import the necessary certificates on every client PC, either manually by:

a. Import ca.crt into the client's certificate store under "Trusted Root Certification Authorities". This is the step that makes browsers accept https:// to the server: the server's own certificate arrives in the SSL handshake and is validated against this root. Use the Local Computer store (Certificates MMC snap-in for the Computer account) if every user on the PC should trust it; the Current User store covers one account only.
b. Import server.crt into the client's certificate store under "Intermediate Certification Authorities".
c. Import server.crt into the client's certificate store under "Trusted Publishers".

Only step a matters for SSL. server.crt is an end-entity certificate, not an intermediate CA, so step b adds nothing to chain building, and "Trusted Publishers" governs Authenticode-signed code (ActiveX controls, macros, drivers), not SSL; steps b and c are harmless but can be skipped. Keep ca.key off the clients and off the web server: whoever holds it can issue certificates for any host name that every PC trusting ca.crt will accept.
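The whole of step 2 as a script, added here as an example and not taken from the original post, written for any shell that has openssl on the PATH (Git Bash on Windows, or a Linux box; the files it produces are the same). It goes beyond the post in three ways: it writes its own extension sections instead of relying on the usr_cert and v3_ca sections of a particular openssl.cfg, puts the host name in both the CN and a subjectAltName, and uses -CAcreateserial instead of a fixed serial, and it then verifies the result before anything is copied to IIS. The host name, file names, CA name and password are placeholders, and the keys are written unencrypted so that nothing prompts; these are assumptions of the example, not the post's choices.

```shell
#!/bin/sh
# Added example, not code from the original post: scripted version of step 2.
# Runs in any shell with openssl on PATH (Git Bash on Windows, Linux, ...).
# Host name, file names, CA name and password below are assumed placeholders.
set -e

# Write the extension sections the two certificates need, so the script does
# not depend on the usr_cert / v3_ca sections of a particular openssl.cfg.
# The empty [dn] section satisfies req; the subject is given with -subj.
write_extfile() {
    host="$1"
    cat > exts.cnf <<EOF
[ req ]
distinguished_name = dn

[ dn ]

[ ca_ext ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ server_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
}

# CA key + self-signed CA cert, server key + CSR, CA-signed server cert, and
# a PKCS#12 bundle (key, server cert, CA cert) for the IIS import wizard.
# Keys are unencrypted so the script runs without prompts; the post's -des3
# adds a passphrase that the pkcs12 step would then ask for.
make_certs() {
    host="$1"
    pfx_pass="$2"
    write_extfile "$host"

    openssl genrsa -out ca.key 2048
    openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt \
        -subj "/CN=Test Root CA" -config exts.cnf -extensions ca_ext

    openssl genrsa -out server.key 2048
    # CN and SAN are the name clients put in the URL, not whatever default
    # -batch would have copied out of openssl.cfg.
    openssl req -new -sha256 -key server.key -out server.csr \
        -subj "/CN=$host" -config exts.cnf

    # -CAcreateserial keeps a counter in ca.srl instead of the fixed
    # -set_serial 01, so reissuing under the same CA never reuses a serial.
    openssl x509 -req -sha256 -days 365 -in server.csr \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile exts.cnf -extensions server_ext -out server.crt

    # -certfile adds ca.crt to the bundle so IIS can send the full chain.
    openssl pkcs12 -export -in server.crt -inkey server.key -certfile ca.crt \
        -name "MyTestCert" -passout "pass:$pfx_pass" -out server.pfx
}

# Checks to run before touching IIS: server.crt chains to ca.crt, carries the
# expected SAN, and server.pfx opens with the export password and holds the
# server certificate. Returns non-zero on the first failed check.
verify_chain() {
    host="$1"
    pfx_pass="$2"
    openssl verify -CAfile ca.crt server.crt >/dev/null || return 1
    openssl x509 -in server.crt -noout -text | grep -q "DNS:$host" || return 1
    openssl pkcs12 -in server.pfx -passin "pass:$pfx_pass" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -subject 2>/dev/null | grep -q "$host"
}

# Usage: sh make_iis_cert.sh iis.example.test 'pfx-password'
if [ "$#" -eq 2 ]; then
    make_certs "$1" "$2"
    verify_chain "$1" "$2" && echo "server.pfx ready: chain OK, SAN DNS:$1"
fi
```

Two notes on using it against the environment in the post. With OpenSSL 3.x, add -legacy to the pkcs12 -export line when the file is destined for Windows 2003 or another old importer: the 3.x default PKCS#12 encoding (PBES2 with AES) is not readable there, and -legacy falls back to the older algorithms. On the clients, step 4a from a command prompt run as administrator is certutil -addstore Root ca.crt, which puts the CA into the Local Computer's Trusted Root store.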