How do I create a self-signed certificate for Microsoft Virtual Server?

Question

I'd like to use TLS encryption with Virtual Machine Remote Control (VMRC) for Microsoft Virtual Server 2005 SP1.

Virtual Server doesn't allow you to upload an arbitrary self-signed certificate; it generates a certificate signing request (CSR) that then needs to be signed by a Certificate Authority (CA).

I don't have a Windows Certificate Authority, and can't install it because I don't have access to Windows Server.

Can I use a self-signed CA certificate (generated with either MakeCert or OpenSSL) to sign the certificate signing request (CSR) that Virtual Server generates?

If so, how do I do this (using either MakeCert or OpenSSL)? I've only ever used MakeCert and OpenSSL to create signed certificates from scratch, not to sign CSRs.

score 1 · Accepted Answer · answered Jun 30 '09 at 19:09

1

I've always used SelfSSL from the IIS 6 resource kit to generate SSL certs. It's pretty easy to use.

http://support.microsoft.com/kb/840671#11

answered Jun 30 '09 at 19:09

Ausmith1

1,179
8
12

Doesn't appear to be able to sign CSRs, unless I'm missing something. – Roger Lipscombe Jul 01 '09 at 09:35
You don't need the CSR. SelfSSL will take care of everything. See: http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/06/26/Configure-SSL-for-Virtual-Server-2005-Using-SelfSSL.aspx – Ausmith1 Jul 01 '09 at 19:59

score 1 · Answer 2 · answered Jul 02 '09 at 09:06

1

Are you using R2 ? I have an option in Virtual Server 2005 R2 (Enterprise Edition) to upload a certificate...

Haven't tried it, but I'm guessing using SelfSLL from the IIS Resouce Kit to generate a cert and then uploading it would work.

See screenshot of the R2 config page here

.. Ken

answered Jul 02 '09 at 09:06

KennetRunner

333
1
3
9

Doh! Yes I am, and yes, that option's there. I'll try it later; if SelfSSL or MakeCert work, then I'll accept your answer. – Roger Lipscombe Jul 02 '09 at 11:37

John Rennie · Answer 3 · 2009-06-30T15:54:59.860

0

I'm not familiar with MakeCert or OpenSSL, but it's pretty trivial to install the certification authority and generate your own certificates. Well, I'm assuming you're running a server version of Windows ...

JR

edited Jun 30 '09 at 15:54

answered Jun 30 '09 at 14:48

John Rennie

7,756
1
22
34

Can't use Certificate Authority; updated question – Roger Lipscombe Jun 30 '09 at 15:26

score 0 · Answer 4 · answered Jun 30 '09 at 18:39

OpenSSL is pretty comprehensive I'd be surprised if it can't do what you need. Provided you're comfortable poking about in it's config files you will certainly have no problem issuing x.509 certs that are fully RFC compliant for any standard use but if Virtual Server makes uses of custom OID's you may run into issues. I wouldn't expect that though, to be honest, and I have successfully used OpenSSL issued certs to set up TLS links with MS infrastructure in the past. This appears to be a basic explanation of the process used to get an ancient version of IIS to use a cert issued safely by an OpenSSL CA. Fair warning, I haven't done this recently and things may be different now but that should be enough to get you started.

How do I create a self-signed certificate for Microsoft Virtual Server?

4 Answers4