Premise SSL Certificate - What flavour of web server?

[123]

I want to create an SSL certificate for Premise's Web Server. I generated the Certificate Signing Request (CSR) and supplied it to Comodo's free SSL service (www.instantssl.com). The form required me to select the web server's type from a list. Naturally, "Premise Web Server" was not available and I selected "Other". The service was unable to decode the CSR and could not generate a certificate.

Maybe "Other" was not the best choice and Premise's Web Server, for the purposes of SSL certificates, is like some popular type (i.e. Apache or IIS or whatever).

If someone has successfully generated an SSL certificate, could you let me know the details of how you did it? The web-server type you used? Which SSL service?

 

[jimspr]

I originally wrote this code and I played around with this for quite a while tonight.

Apparently, the CSR generated can't be decoded by many of the current tools online, but they don't specifically say what is wrong. I don't know what the actual problem is.

However, http://www.redkestrel.co.uk/cgi/decodeCSR.pl can decode it and it looks OK.

Also, I remembered that Verisign was one I made sure worked with Premise originally and they appear to still do (http://www.verisign.com/ssl/index.html) with one small change. Change the state to be a full name instead of just a two character abbreviation before generating the CSR. Their free cert trial is only 14 days though.

Why don't you just self-sign? Clients would need to add the Comodo authority anyways so just have them add the self-signed one. Also, you can make the expiration much longer than the 90 days that Comodo provides.

--jim

 

[123]

Thanks a million, Jim!

I discovered that www.rapidssl.com was also able to decode Premise's CSR.

I haven't successfully connected via SSL yet owing to a misconfigured web server/firewall/router/whatever. My ISP blocks all of the standard ports so I'm using alternates ... just a matter of time before I get all the ducks in a row. I'm using the self-signed certificate and, as per your suggestion, will probably continue to use it.

 

[ckindel]

Thanks a million, Jim!

I discovered that www.rapidssl.com was also able to decode Premise's CSR.

I haven't successfully connected via SSL yet owing to a misconfigured web server/firewall/router/whatever. My ISP blocks all of the standard ports so I'm using alternates ... just a matter of time before I get all the ducks in a row. I'm using the self-signed certificate and, as per your suggestion, will probably continue to use it.

Re-opening this thread instead of creating a new one:

I have successfully gotten a self-signed cert to work through my firewall.

However, my client device (Windows Phone 7) does not support adding new certificates to the system and thus does not support self-signed certs. This means my Windows Phone 7 front end for Premise can't communicate with my server.

So I purchased a cert from GoDaddy. Apparently registrars like GoDaddy will only create 2048 bit or 4096 bit these days. To create the cert manually created the CSR using W2K8's cert tool. The cert was created by GoDaddy successfully and I successfully imported it into Premise. All looks good.

HOWEVER: All web-requests to the SSL server on Premise with this cert installed appear to hang.

I have tried from IE(9), Chrome, Firefox, and IE on WP7. I use a simple SOAP test like this:
https://premise.kindel.net/sys/Home?f??DisplayName. In all cases the equivalent NON-http URL works: http://premise.kindel.net/sys/Home?f??DisplayName

But with the HTTPS URL I see a "WebRequest" get created in the Secure Web Site (with a client address of 0.0.0.0) and the request hangs forever. In otherwords, the browser just sits there waiting for the request to return forever. None of the browsers show any data on the SSL connection which implies they are never getting ANY response from the server. If I kill the browser session the WebRequest that was created is deleted.

So here's my questions:

1. Is anyone successfully running Premise with a NON-self-signed cert? I would like to prove it actually works before going further.
2. If you ARE using Premise with a NON-self-signed cert, how big is the cert? Is it 1024 bits or 2048 bits or something else?

My hypothesis is that Premise was never tested with 2048 bit certs because they were not in use back then....and it has a bug.