I've generated a certificate request, submitted it to the Microsoft Certificate Services program. It issues the certificate. I downloaded it to conf/ssl/server.cert

I configured it in Apache using

SSLCertificateFile conf/ssl/server.cert
SSLCertificateKeyFile conf/ssl/server.key

When I start the server with this config I get

Secure Connection Failed An error occurred during a connection to 192.168.1.100.

Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type) The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

  • Please contact the web site owners to inform them of this problem.

If I download the CA Certificate and install it with

SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLCACertificateFile conf/ssl/cacert.crt

The server fails to start.

It works fine if I generate a self-signed certificate and install it, but I need it to come from Microsoft Certificate Services so it won't warn internal users about the certificate.

+2  A: 

Sounds like your cert isn't allowed to be used for a server. IIRC, you can view the certificate in a browser and look for Usage or some such language, and it should say SSL Server (possibly among other things).

Mark Brackett
They were generating the wrong type of certificate. Once they generated the correct type it worked fine. Thanks!
ScArcher2
+2  A: 

You need to make sure that the issued certificate has "Server Authentication" specified as one of the permitted uses in the extended key usage extension. The easiest way to do this (and only way on Win2k3 Standard) is to use the Web Server certificate template.

You need to use the Certificate Services MMC snap-in to add this certificate template to the list of those allowed, and then need to configure permissions so the appropriate user(s) can request certificates.

Calrion
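A way to confirm the permitted uses before putting an issued certificate into the Apache config, given as an added example that is not part of the original posts. It assumes the `openssl` command-line tool is installed; the function names are hypothetical and the certificates it checks are throwaway ones constructed on the spot.

```shell
#!/bin/sh
# Returns 0 when OpenSSL's purpose check accepts the certificate as a TLS
# server certificate. It answers "No" when the extended key usage extension
# is present but omits Server Authentication.
server_auth_allowed() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        grep -q '^SSL server : Yes'
}

# Prints the extended key usage values listed in the certificate, if any.
show_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' | tail -n 1 | sed 's/^ *//'
}

# Constructed test input: a self-signed certificate whose EKU is $1
# (OpenSSL names such as serverAuth or clientAuth), written to $2.
make_constructed_cert() {
    cfg=$(mktemp)
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed.example.internal
[ext]
extendedKeyUsage = $1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -extensions ext -keyout "$cfg.key" -out "$2" 2>/dev/null
    rc=$?
    rm -f "$cfg" "$cfg.key"
    return $rc
}

# Demo on constructed certificates. To check the real one, run
# server_auth_allowed on the issued file (conf/ssl/server.cert in the question).
demo_dir=$(mktemp -d)
for eku in clientAuth serverAuth; do
    make_constructed_cert "$eku" "$demo_dir/$eku.pem"
    verdict="NOT usable"
    if server_auth_allowed "$demo_dir/$eku.pem"; then verdict="usable"; fi
    echo "$eku cert ($(show_eku "$demo_dir/$eku.pem")): $verdict as TLS server"
done
rm -rf "$demo_dir"
```
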