Certificates on a webserver (IIS)

P

Pat

Hi!
Can I get any help regarding getting a certificate to establish a secure
connection (https) againt my webserver. If I want to get one certificate
installed on a single computer with a registrered domain it is not a problem.
I know my ipaddress, domainname and so on. But how do I do it if I want to
distribute lets say twenty (20) computers each with a security certificate
when I dont know how my customers will connect our software. I dont know what
static ipadress they will have or if they will have a domain address to
connect to.
I am sure that anyone have done this before.
Thankful for all help I can get.
Regards
Pat
 
B

Brian Komar

You must know the DNS name that will go into the subject of the certificate
before you purchase the certificate
You do not need to know the IP address. It sounds like you do not even know
the domain name that the Web server will use, so wild card certificates are
not an option

Brian

"Pat" <Pat@discussions.microsoft.com> wrote in message
news:F429885A-49DD-445C-B648-EE9A1E36D074@microsoft.com...
> Hi!
> Can I get any help regarding getting a certificate to establish a secure
> connection (https) againt my webserver. If I want to get one certificate
> installed on a single computer with a registrered domain it is not a
> problem.
> I know my ipaddress, domainname and so on. But how do I do it if I want to
> distribute lets say twenty (20) computers each with a security certificate
> when I dont know how my customers will connect our software. I dont know
> what
> static ipadress they will have or if they will have a domain address to
> connect to.
> I am sure that anyone have done this before.
> Thankful for all help I can get.
> Regards
> Pat
 
P

Pat

Its right, I dont know the ipadress in advance. When we sell our software we
want to sell a total solution including a certificate that would follow the
software.
But I dont think I can do this. If you do not have or know the customers DNS
you are not able to create a certificate. I thought the procedure was easier.
But it seems to be based on that you have a working DNS in bottom. Or is
there a way around?
Thanks
Pat

"Brian Komar" wrote:

> You must know the DNS name that will go into the subject of the certificate
> before you purchase the certificate
> You do not need to know the IP address. It sounds like you do not even know
> the domain name that the Web server will use, so wild card certificates are
> not an option
>
> Brian
>
> "Pat" <Pat@discussions.microsoft.com> wrote in message
> news:F429885A-49DD-445C-B648-EE9A1E36D074@microsoft.com...
> > Hi!
> > Can I get any help regarding getting a certificate to establish a secure
> > connection (https) againt my webserver. If I want to get one certificate
> > installed on a single computer with a registrered domain it is not a
> > problem.
> > I know my ipaddress, domainname and so on. But how do I do it if I want to
> > distribute lets say twenty (20) computers each with a security certificate
> > when I dont know how my customers will connect our software. I dont know
> > what
> > static ipadress they will have or if they will have a domain address to
> > connect to.
> > I am sure that anyone have done this before.
> > Thankful for all help I can get.
> > Regards
> > Pat
>
>
 
A

Alun Jones

Are you talking about certificates that identify your web server, or
certificates that identify your customer?

If you're talking about certificates that identify the customer, that's
going to depend on what application you use to accept the client's
certificate. It may be that you simply map a certificate name to a user ID,
and ensure that the certificate is signed by a trusted party (probably your
own CA).

Alun.
~~~~

"Pat" <Pat@discussions.microsoft.com> wrote in message
news:91869601-B16A-405E-9178-78646A53DE9E@microsoft.com...
> Its right, I dont know the ipadress in advance. When we sell our software
> we
> want to sell a total solution including a certificate that would follow
> the
> software.
> But I dont think I can do this. If you do not have or know the customers
> DNS
> you are not able to create a certificate. I thought the procedure was
> easier.
> But it seems to be based on that you have a working DNS in bottom. Or is
> there a way around?
> Thanks
> Pat
>
> "Brian Komar" wrote:
>
>> You must know the DNS name that will go into the subject of the
>> certificate
>> before you purchase the certificate
>> You do not need to know the IP address. It sounds like you do not even
>> know
>> the domain name that the Web server will use, so wild card certificates
>> are
>> not an option
>>
>> Brian
>>
>> "Pat" <Pat@discussions.microsoft.com> wrote in message
>> news:F429885A-49DD-445C-B648-EE9A1E36D074@microsoft.com...
>> > Hi!
>> > Can I get any help regarding getting a certificate to establish a
>> > secure
>> > connection (https) againt my webserver. If I want to get one
>> > certificate
>> > installed on a single computer with a registrered domain it is not a
>> > problem.
>> > I know my ipaddress, domainname and so on. But how do I do it if I want
>> > to
>> > distribute lets say twenty (20) computers each with a security
>> > certificate
>> > when I dont know how my customers will connect our software. I dont
>> > know
>> > what
>> > static ipadress they will have or if they will have a domain address to
>> > connect to.
>> > I am sure that anyone have done this before.
>> > Thankful for all help I can get.
>> > Regards
>> > Pat
>>
>>
 
P

Pat

At first I thougt I could use a certificate to both create a SSL-connection
to my webserver AND use it to "verify" my application as valid (trusted). But
I believe that this is two different things. You need one certificate to
establish an SSL-connection and one to "sign" my application that you need to
download from the webberver so you dont get the popup "Unknown publisher"
when you try to download our software. Personally I think that the thing that
you have to buy a certificate from e.g Verisign, Geotrust and so on to verify
that my application is from us is a way for these companys to "make a buck".
They have no idea what type of application they are signing in a matter of
security way of speaking. But that is a another case and has nothing to do
with this :).
/Pat

"Alun Jones" wrote:

> Are you talking about certificates that identify your web server, or
> certificates that identify your customer?
>
> If you're talking about certificates that identify the customer, that's
> going to depend on what application you use to accept the client's
> certificate. It may be that you simply map a certificate name to a user ID,
> and ensure that the certificate is signed by a trusted party (probably your
> own CA).
>
> Alun.
> ~~~~
>
> "Pat" <Pat@discussions.microsoft.com> wrote in message
> news:91869601-B16A-405E-9178-78646A53DE9E@microsoft.com...
> > Its right, I dont know the ipadress in advance. When we sell our software
> > we
> > want to sell a total solution including a certificate that would follow
> > the
> > software.
> > But I dont think I can do this. If you do not have or know the customers
> > DNS
> > you are not able to create a certificate. I thought the procedure was
> > easier.
> > But it seems to be based on that you have a working DNS in bottom. Or is
> > there a way around?
> > Thanks
> > Pat
> >
> > "Brian Komar" wrote:
> >
> >> You must know the DNS name that will go into the subject of the
> >> certificate
> >> before you purchase the certificate
> >> You do not need to know the IP address. It sounds like you do not even
> >> know
> >> the domain name that the Web server will use, so wild card certificates
> >> are
> >> not an option
> >>
> >> Brian
> >>
> >> "Pat" <Pat@discussions.microsoft.com> wrote in message
> >> news:F429885A-49DD-445C-B648-EE9A1E36D074@microsoft.com...
> >> > Hi!
> >> > Can I get any help regarding getting a certificate to establish a
> >> > secure
> >> > connection (https) againt my webserver. If I want to get one
> >> > certificate
> >> > installed on a single computer with a registrered domain it is not a
> >> > problem.
> >> > I know my ipaddress, domainname and so on. But how do I do it if I want
> >> > to
> >> > distribute lets say twenty (20) computers each with a security
> >> > certificate
> >> > when I dont know how my customers will connect our software. I dont
> >> > know
> >> > what
> >> > static ipadress they will have or if they will have a domain address to
> >> > connect to.
> >> > I am sure that anyone have done this before.
> >> > Thankful for all help I can get.
> >> > Regards
> >> > Pat
> >>
> >>
>
>
>
 
You must log in or register to reply here.

Similar threads

R
IIS server delivers an old, expired SSL Certificate, giving ERR_CERT_AUTHORITY_INVALID
Replies
0
Views
93
RanAground
R
H
Can't create a custom CSR using mmc and certificates snap-in on Windows 10
Replies
0
Views
71
Hank Cohen
H
J
how may i connect to an iphone 11 hotspot on a windows 10 laptop (22h2 64 bit)
Replies
0
Views
22
JoshuaCaleb
J
C
Trying to generate a custom CSR using certificates snap-in. Only legacy crypto providers can be used.
Replies
0
Views
54
Cohen Hank
C
M
why do localhost and 127.0.0.1 can't establish a connection on IIS 10 on my MSI computer
Replies
0
Views
59
Michel Trahan
M
Back
Top Bottom