Openssl IIS7.5 and CA

[peterlyttle]

Right after weeks of trying to work this out myself I am hoping someone can help me out with this -

I have 4 servers (2 part of a domain / 2 work group) all seperate subnets.

Im in the process of setting up SQL Merge Replication that needs SQL Web Synchronization. One of the pre-req's is that certificates are needed.

I can generate a self signed cert in IIS and then export it / import it on the other servers and this works, however it is only a 12 month certificate and I would prefer to have it signed by a CA.

So, can someone please tell me how I can create a certificate (that will be available in IIS) for each server.

Here are the commands ive been using so far, but this doesnt show the cert in IIS - is that because the key isnt there (an IIS self signed cert has the private key included)?

To Create a CA -
openssl req -new -x509 -extensions v3_ca -keyout private/CA.key -out private/CA.cer -days 3650 -config ./openssl.cfg

To Create a Certificate Request -
openssl req -new -nodes -out private/SERVER1-req.req -keyout private/SERVER1-key.key -config ./openssl.cfg

To Create a Certificate -
openssl ca -out private/SERVER1.cer -config ./openssl.cfg -infiles private/SERVER1-req.req

Any help much appreciated!

 

[peterlyttle]

I might have managed to get this working by using the following command, can anyone see any problems with doing this?

openssl pkcs12 -export -in private/SERVER1.cer -inkey private/SERVER1-key.key -certfile private/CA.cer -name "SERVER1" -out private/SERVER1-PKCS12.p12

I think that as the private key is exported IIS is happier and allows it to be used.