Re: Serving Trusted Root Master Certificates using IIS 6 by Ken
Ken
Sat Jun 03 22:34:39 CDT 2006
In addition to the previous post. If I recall correctly, the .cer file
extension should be mapped to the ASP ISAPI Extension, so you will need to
have "Scripts" permission set for the folder in question. the fact that the
file is then coming down and being opened by your browser indicates that ASP
is sucessfully generating the necessary data, but perhaps sending the wrong
MIME type (thus causing your browser to open the file). If you do a
right-click "Save As", as you able to save the file to your hard disk?
Cheers
Ken
"TedMac" <TedMac@discussions.microsoft.com> wrote in message
news:E427B2D3-D9C8-4CDB-9285-6D2414249B6E@microsoft.com...
>I see HTTP/1.1 New Application Failed.
>
> .cer is set as the MIME, permissions are allowed in both IIS and NTFS, and
> still no download is allowed. If I enable scripts, the certificate opens
> as
> a text file. Another file in the same folder (Certificate installation
> instructions) work perfectly. This should work and it does not.
>
> I'm going to install Netscape just to see what happens.
>
> Thanks, there's always a reason. I just don't know what it is.
>
> Ted
>
>
>
> "Ken Schaefer" wrote:
>
>> For the 500 error, disable "Show Friendly HTTP Errors" in your browser,
>> and
>> reload the page. What do you see know?
>>
>> For the file opening in your browser: that has nothing to do with IIS
>> (provided you configured the correct MIME type). It is up to the client
>> to
>> decide what to do with the returned file (in Windows, you can go to
>> Tools ->
>> Folder Options -> File Types, and locate the file type that matches the
>> MIME
>> type of the file in question. You have an option there to always prompt
>> the
>> user when downloading this type of file)
>>
>> Cheers
>> Ken
>>
>>
>> "TedMac" <TedMac@discussions.microsoft.com> wrote in message
>> news:923A26AA-AF33-4D0E-BDE9-95AD86AD8D3A@microsoft.com...
>> > Thank you gents for taking the time to reply.
>> >
>> > In our case, this is a set of secure sites for limited access. Thus,
>> > we
>> > are
>> > trusted and being our own Certificate Authority makes sense.
>> >
>> > However, I've added Certificates (.cer) as a MIME type, and I'm having
>> > a
>> > hard time having IIS download the Cert as a Certificate. The
>> > certificate
>> > is
>> > either unavailable (as an HTTP 500) or opens as a page where one can
>> > read
>> > the
>> > encryptred key. How do you set up IIS to open the cert as a Cert
>> > (launching
>> > the Certificate Wizard), or save it as a cert?
>> >
>> > Thanks again,
>> >
>> > Ted
>> >
>> >
>> > "Daniel Crichton" wrote:
>> >
>> >> Ken Schaefer has already given you the answer on how to enable IIS6 to
>> >> allow
>> >> downloading of .cer files. However, I wanted to address this bit.
>> >>
>> >> TedMac wrote on Thu, 25 May 2006 11:57:02 -0700:
>> >>
>> >> > BTW, the message here is that you can be your own certificate
>> >> > authority
>> >> > using the MS Certificate Server, and quit paying others to do it for
>> >> > you.
>> >>
>> >> Being your own CA is fine - so long as your users trust you. In an
>> >> intranet
>> >> or extranet evironment this is normally not an issue, but if you're
>> >> running
>> >> an e-commerce site targetted at consumers then you're better off
>> >> paying
>> >> for
>> >> a certificate from a CA that has their trusted root already in the
>> >> browsers,
>> >> as it doesn't require an additional level of trust for them to blindly
>> >> install your root cert. The cost of certificates in this situation is
>> >> very
>> >> small when you consider how much potential profit you could be losing
>> >> by
>> >> not
>> >> having a publicly trusted cert. Acting as your own CA is not always
>> >> the
>> >> most
>> >> cost-effective course of action - each site needs to decide whether
>> >> it's
>> >> appropriate for them.
>> >>
>> >> Dan
>> >>
>> >>
>> >>
>>
>>
>>