Run Archive Server for MDaemon in HTTPS


4 Dec 2013




Introduction

Part 1 - Creating a Certificate Signing Request

    Create a certificate request using IIS manager

Part 2 - Creating and using a self-signed SSL Certificate

Part 3 - Access to ASM by HTTPS




Introduction
Typically, a Secure Socket Layer (SSL) certificate is created for a domain by first generating a
Certificate Signing Request (CSR) through Internet Information Services (IIS) and sending the
request to a known Certification Authority, such as GeoTrust. The authority generates a
corresponding certificate file for use in conjunction with the CSR, which completes the request
and secures communications on the domain.

However, IIS does come with the ability to create a “self-signed” certificate, in which the server
generating the CSR also generates the corresponding certificate file. These are mainly used for
testing, development and troubleshooting, as the certificate will only be recognized as
valid by the server it is hosted on. Attempting to view the secured domain externally
produces an error that the certificate is not valid, as it has neither been approved nor is
recognized by a known Certification Authority.

This tutorial describes the steps for creating a self-signed SSL certificate for use with the
Microsoft IIS web server to allow Archive Server for MDaemon (ASM) to support the HTTPS
protocol. It is geared towards Microsoft Windows XP and IIS 5.1. Part 1 covers the creation of a
certificate request. Part 2 explains how to create and use a self-signed SSL certificate. Part 3
shows how to access ASM over HTTPS.


Part 1 - Creating a Certificate Signing Request
This is the first step in creating an SSL-secured site.
Create a certificate request using IIS manager
1. Open Internet Information Services from Administrative Tools in Control Panel.
2. Expand the tree and right click on your web site and select Properties.

3. When the web site properties dialog box appears, click on the Directory Security tab then click
on the Server Certificate button.


4. When the Web Server Certificate Wizard appears, click Next.

5. Select the first option, Create a new certificate, then click Next.

6. Select the Prepare the request now, but send later option, then click Next.



7. You can give the certificate any name you wish. It is probably best to give it the same name as
your web site. Set the bit length to 1024 and do not check the bottom checkboxes, then click
Next.

8. Set the Organization field to the name of your company or whatever you want. Set the
Organization unit to the department the certificate will belong to. You can put anything you
want here since this is a self signed certificate. If it were a real certificate request, you would put
your company name and unit. Click Next.

9. The Common name is the web site address the certificate will cover. This could be
www.yourcompany.com or secure.yourcompany.com. You will need a valid DNS name if you plan
on accessing your secure site through the Internet. In this case we are using localhost, which
means we will be accessing our site locally. (Yes, accessing it locally defeats the purpose of a
secure site; keep in mind this is just a tutorial.) Enter your common name and click Next.



10. Set the Country, State, and City fields to where your server is located, then click Next.

11. Enter a File name for your certificate request. To keep things simple we will just place it in the
root. Click Next.

12. The IIS Certificate Wizard displays a summary of the values you entered. If you find any
mistakes, click the Back button and correct the errors. When you are done, click Next.



13. Congratulations, you have just created a certificate request. Click Finish.

14. We have just finished creating our certificate signing request.


Part 2 - Creating and using a self-signed SSL Certificate
There are many free tools to create a self-signed SSL certificate for any hosted domain on your
server. In this tutorial we use SSL Diagnostics Kit v1.1, which can be obtained free of charge from
Microsoft via the following URL:
http://www.microsoft.com/DownLoads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en


1. Given the option to either Run or Save the file, choose Save.

2. For now, let's save the file to the desktop. Click Save again.

3. Once the download is complete, double-click the icon to begin the installation.



4. Click Next on the initial window.

5. Click the option to accept the terms of the License Agreement, and click Next.

6. Enter your desired Name and Company information, and click Next.



7. The next screen will provide options for which type of installation you prefer. You can click
Complete to install the Diagnostics.

8. You are now ready to install the diagnostics. Click Install.

9. When the installer confirms it has completed, click Finish.



10. Now, we need to get some information from IIS before we can generate the self-signed
certificate. Open IIS by navigating to Start > Administrative Tools > Internet Information
Services (IIS) Manager.

11. Once IIS is open, expand the Server Name, then click on the Web Sites folder. This will bring up
a list of all web sites on the server in the right-hand pane. You will notice that each site has a
unique number assigned to it under the Identifier column. This is the number which we need in
order to create the self-signed certificate. As you can see, the Identifier for example.com is
957.

12. Next, we need to open a DOS Prompt. You can do this by navigating to Start > Run, typing
CMD, and clicking OK.



13. Once the DOS prompt is open, we will need to navigate to the directory where the SSL
Diagnostic Toolkit is located. This directory is C:\Program Files\IIS Resources\SSLDiag. To
navigate to this directory, at the DOS prompt, enter the following command:
cd C:\Program Files\IIS Resources\SSLDiag
The cd command stands for Change Directory. Press Enter once the command is typed in, and
the prompt will bring you right to the directory, as seen below.

14. Now, we need to enter the command which will actually create the certificate. The base
command to create the certificate is ssldiag /selfssl; however, the command requires certain
parameters for the certificate to be successfully created. These parameters are as follows:

/N: - This specifies the common name of the certificate. The computer name is used
if there is no common name specified.

/K: - This specifies the key length of the certificate. The default length is 1024.

/V: - This specifies the amount of time the certificate will be valid for, calculated in
days. The default setting is seven days.

/S: - This specifies the Identifier of the site, which we obtained earlier. The default
will always be 1, which is the Default Web Site in IIS.

Let's use the following command to create a self-signed certificate for example.com which is
valid for two years, using a common name of www.example.com and a key length of 1024:
ssldiag /selfssl /N:CN=example.com /K:1024 /V:730 /S:957

15. Once you have set the parameters to your preference, enter the command into the DOS prompt,
and press Enter. After pressing Enter, the DOS prompt will simply move to the next line.


16. Now, we can check IIS and verify that the certificate is in place. Using the steps outlined above,
navigate back to IIS, right-click on the domain, and choose Properties.

17. Inside the Properties window, click on the Directory Security tab.



18. On the Directory Security tab, under the Secure Communications heading, click on the
View Certificate button, as it is now enabled.

19. This window confirms the certificate has been successfully installed. Note the Issued By field:
typically the issuer would be a known Certification Authority, such as GeoTrust; here, however,
the issuer is example.com. This confirms the certificate is self-signed. Click OK to close the
window.

20. You can now view the site on the server over HTTPS. Again, please note that because the
certificate is self-signed and does not have a matching Root Certificate from a Certification
Authority, attempting to view the site over HTTPS from an external location will cause
a certificate error. Self-signed certificates should only be used for testing and development, and
under no circumstances should be substituted for a CA-approved SSL Certificate.
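
The check in step 19 (comparing Issued By with the certificate's own name), carried out on the certificate's DER bytes, as an added example that is not part of the original tutorial. The helper names and the constructed sample certificates are illustrative assumptions; a name match shows the certificate is self-issued and does not verify its signature.

```python
# Added example: step 19's "Issued By" comparison on raw DER (names only).
def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(cert_der):
    """Return the raw DER Name elements (issuer, subject) of a certificate."""
    _, start, _ = read_tlv(cert_der)                # Certificate SEQUENCE
    _, pos, end = read_tlv(cert_der, start)         # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(cert_der, pos)
        fields.append((tag, cert_der[pos:nxt]))
        pos = nxt
    if fields and fields[0][0] == 0xA0:             # optional [0] version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("not an X.509 tbsCertificate")
    return fields[2][1], fields[4][1]   # serial, sigalg, ISSUER, validity, SUBJECT

def is_self_issued(cert_der):
    issuer, subject = issuer_and_subject(cert_der)
    return issuer == subject            # name match only; signature not verified

def der(tag, *parts):
    """Encode one DER element (only used to build the constructed samples)."""
    body = b"".join(parts)
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(issuer_cn, subject_cn):
    """Constructed certificate skeleton with only the fields walked above."""
    def name(cn):                                   # Name holding one CN (OID 2.5.4.3)
        attr = der(0x30, der(0x06, b"\x55\x04\x03"), der(0x13, cn.encode()))
        return der(0x30, der(0x31, attr))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"),
              der(0x30), name(issuer_cn), der(0x30), name(subject_cn))
    return der(0x30, tbs)

if __name__ == "__main__":
    print(is_self_issued(sample_cert("example.com", "example.com")))
```

For a live server, ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443))) from Python's standard library returns the DER bytes to pass to is_self_issued.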


Part 3 - Access to ASM by HTTPS
Open your browser (for example, Internet Explorer) and go to https://<asm servername>/asm.
You should get an error page like this:

This is expected, since the self-signed certificate is not certified by a Certification Authority, as
noted at the beginning of this tutorial.
Click on the link with the red icon (“Continuare con il sito Web (scelta non consigliata)” in this
sample). The Archive Server for MDaemon login page should appear:





Archive Server for MDaemon is developed and distributed by Achab.
MDaemon is an Alt-N Technologies trademark.
Copyright © 2004 - Achab S.r.l. – All rights reserved.



For further information about Archive Server for MDaemon,
visit the Web pages:
http://www.achab.com/asm

For further information about Achab, its products and
services, visit the Web site:
http://www.achab.com


