Consider a Win2003 + IIS6 machine that has a single website. Let's call it myDomain.com. The task is to secure the site with an SSL certificate. Currently have a .pfx certificate.
Using the MMC app, the certificate is imported successfully into:
- Current user personal store
- Local Computer personal store
Problem: the myDomain cert doesn't show in the list of available certs when configuring IIS. The only entry is for that 3rd part certificate authority.
We know the cert for myDomain.com is in the .pfx because the MMC import process shows two certs:
- one for myDomain.com with the Intended Purpose of Client Authentication
- one for the Root CA
Question:
How can I ensure that the certificate --for myDomain.com-- in the .pfx shows in the pick-list in the IIS Certificate Wizard when choosing "Assign an existing certificate"?
Update It appears that the .pfx created was not suitable for Server Authentication, but rather Client Authentication only.
I believe you have a certificate of the wrong type the IIS certificate needs to authenticate the server to the client and therefore needs to have the key usage server authentication you indicate it has client authentication. Without more detail its hard to tell but thats what im reading from your text. IIS wont let you pick it as its not suitable is my suggestion.
Where other templates available from the CA, with Server Auth available?
What was the CA type?
Mark Sutton
http://www.blacktipconsulting.com