Reputation: 613
Cloudflare SSL certificate on IIS: "Windows does not have enough information to verify this certificate"
So I am trying to make my IIS8 webserver https, yet I can't seem to get it to work. I have tried almost anything... but nothing seems to work.
DON'T WORRY THE FILES BELOW ARE FAKE!
PICTURE 1 KEY
PICTURE 2 PEM
First of all, what do I need to do with these 2? It says to save them as .key and .pem files, so I thought they mend: put the private key in a text file and save it as .key and same for the certificate and save it as .pem.
I tried to convert them to .pfx because that is what I need, right?
First I tried using openssl, but I saw a nice site, so I started using that instead: https://www.sslshopper.com/ssl-converter.html. That gave me an error at first, but then I saw cloudflare also had something called DER:
Which gave me an .CRT file if I downloaded it, so now I had a .PEM, a .KEY and an .CRT file, I went back to the website and used the .CRT file and the .KEY file, and put in a password!
Now I've gotten my .PFX file, which I wanted! I installed it on my windows server, but got this:
Why is it not verified?!
- What files do I need to verify this?
- Am I saving the files correct?
Upvotes: 5
Views: 9855
Answers (1)
Reputation: 4399
Within IIS you'll need to create a Certificate Signing Request (CSR) and export it.
In the Crypto app, scroll down to the Origin Certificates card and click 'Create Certificate'. Select 'I have my own private key and CSR', add the hostnames you'd like to be covered by the certificate. Once you've completed all the steps in the Wizard you can go back to IIS and click " Complete Certificate Request".
A step-by-step breakdown of these instructions is available on the Cloudflare Knowledge Base: Managing Cloudflare Origin CA certificates
Additionally, you'll need to install the Origin CA root certificates for CloudFlare on the server outline in Step 4 of the KB tutorial. This is fix the warning message:
Windows does not have enough information to verify this certificate.
There are two locations which these certificates may be installed: Current User or Local Machine.
- To target the Current User open the
certmgr.mscprogram, otherwise opencertlm.msc - Expand 'Trusted Root Certification Authorities'
- Right-click 'Certificates'
- Select 'Import...' from the 'All Tasks' menu
- Import both the ECC and RSA
.pemfiles
Upvotes: 6
Related Questions
- Cloudflare - 525 SSL handshake failed
- Server Error: The request was aborted: Could not create SSL/TLS secure channel
- Certificate validation failed: validation of client side certificate fails when the certificate is validated
- Cloudflare SSL cert throws a Security Issue
- Cloudflare - Ineligible for SSL
- Cloudflare ssl error showing "ERR_CERT_AUTHORITY_INVALID"
- Can't use Cloudflare SSL certificate for website that is hosted on Azure
- cloudflare - ssl error
- Cannot get my certificate to work in IIS 7.5
- Azure with SSL issue