joined:Sept 8, 2016
I started the recent thread "Do I need to convert my company website to https?" and the take-away was that it should be pretty easy to do, so why don't I do it?
So here is where I'm at in this process. My site is currently running on an NT4 server running IIS4.
There are a number of files used in the creation of a domain validation SSL certificate:
I used the ZeroSSL online tools [zerossl.com
I used the SSL Certificate Wizard, entering only my email (email@example.com) and company domain (example.com and www.example.com) as the domains.
This generated a CSR file, which I downloaded: "csr" appears in the filename, the beginning sequence of which is: -----BEGIN CERTIFICATE REQUEST-----
Next the wizard generated an account key, which I downloaded. The text "account-key" appears in the filename, and it begins with the sequence: -----BEGIN RSA PRIVATE KEY-----
The next stage is verification, where the wizard requires the creation of specific filenames with specific contents: The web page tells you what they are. There is one file for each domain, so two files - one for www.example.com and the other for example.com. These are created under <webdsite-root>\.well-known\acme-challenge.
Once verified, the wizard presents an account ID (new-account-key.txt) which is a short sequence of digits: It's used in conjunction with the email entered into the wizard to facilitate recovery of the certificate(s)/keys.
I download the certificate (new-domain-crt.txt) which begins with the sequence: -----BEGIN CERTIFICATE-----
There are two such entries in the file (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) : I assume 2 entries for the two domains.
I downloaded the domain key (new-domain-key.txt) which begins with the sequence: -----BEGIN RSA PRIVATE KEY-----
I've placed all the these files on the NT4 server. The wizard talks about using the domain certificate with the domain key, not the LetsEncrypt key. I believe the LE key is called the Account Key, and can be used when renewing the domain certificate & key without going through the verification process again.
On the NT4 server, in the Key Manager, under Key, I can Create New Key, or Import Key. I assume that I've already created the key, so I select Import Key. I'm asked for the location of 2 files (which right now I can't recall but I assume these are what I created above) and it's asking for a password, for which I have no clue what sort of password it wants. At no point was I asked for a password: I don't know what IIS4 expects here. The text box is short, so I doubt it's a key. I've tried my nt4 admin password, but I get an error when I go forward with that. So that's where I'm kinda stuck right now.