-
-
Notifications
You must be signed in to change notification settings - Fork 797
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DefaultCentralSslPfxPassword Problem #1071
Comments
Tools to access PFX : Windows Certificate Import WizardI get the same problem when I use Windows Certificate Import Wizard |
There are two passwords that you are confusing (understandably, but nonetheless)
So there are a couple of ways to go about this, ranging from dirty to very clean, but I'd recommend you to configure your certificate to be stored to the "IIS CCS", even if that's not your purpose at all. Make sure that you choose a different folder for the "CCS" than the program uses for its own certificate cache. |
Hello WouterTinus, Thanks a lot for your answer, VERY CLEAR :-) Yes, I was mistaking the "DefaultCentralSslPfxPassword" with the "Random Password Generated" in the CACHE PFX file. Now, I understand the difference between both. In the dirty way, I can easily Call my C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\MYID-cache.pfx file using its random generated password, that I found in (List scheduled renewals > Show details for certificate) where you told me to search for. Problem SOLVED !!! Thanks a lot !!! :-) BUT (If I try the CLEAN way I get the ERROR MESSAGE BELOW, sorry for that), I'm managing 65 domains on another server that I will be migrating to this new one. Are SAN Certificates the best solution, because I added the domains manually in WACS ? All domains point to the same Server and the same Website. I am then trying the CLEAN SOLUTION are you suggested : I installed Central Certificate Store (CCS) following the instructions in the link below (my server is Windows 2012 R2). Everything OK My Wacs setting.config:<setting name="DefaultCentralSslStore" serializeAs="String"><value>MYSERVERCCSPATH... I entered this DefaultCentralSslPfxPassword in CCS in IIS. WACS.exeM: Create new certificate with advanced options [INFO] Running in mode: Interactive, Advanced 4: Manually input host names Enter comma-separated list of host names, starting with the common name: MYWEBSITE.com,www.MYWEBSITE.com [INFO] Target generated using plugin Manual: MYWEBSITE.com and 1 alternatives Suggested FriendlyName is '[Manual] MYWEBSITE.com', press enter to accept or type an alternative: 4: [http-01] Host the validation files from memory (recommended) 2: Standard RSA key pair 1: IIS Central Certificate Store 1: Create or update https bindings in IIS 1: Default Web Site [INFO] Authorize identifier: MYWEBSITE.com |
You're right, it seems that the CentralSsl store plugin requires the setting Since that setting only applies to the CertificateStore plugin, I've marked it as a bug and it should be fixed in the next release. |
Any thoughts when we can expect release with this bugfix? |
I want to make a new release in a couple of days. In the mean time you can either get the .pfx from the certificate cache with the password found in the main menu, or set PrivateKeyExportable to |
Thank you! PrivateKeyExportable setting helped me. |
Thanks a lot WouterTinus. Yes PrivateKeyExportable=True works fine with CCS. |
Bugfix released in 2.0.5 |
What is the correct way to obtain current random generated pfx password from Windows command line? cmd.exe / powershell? When trying to redirect
|
Hi everyone,
First of allThanks to you for your great tool. My web site is HTTPS up and running Fine.
My system :
I use WACS which created theses files :
Inside MYID.renewal.json :
"Id": MYID",
"LastFriendlyName": "[IISSite] Default Web Site",
"PfxPasswordProtected": "enc-***************************************==",
"TargetPluginOptions":
Settings:
in my SETTINGS.CONFIG in WACS folder, i tried adding my password in the VALUE section of :
<setting name="DefaultCentralSslPassword" serializeAs="String">
<value>MYPASSWORD</value>
</setting>
<setting name="DefaultCentralSslPfxPassword" serializeAs="String">
<value>MYPASSWORD</value>
</setting>
My Issue:
My problem is that I need to use the PFXPasswordProtected, but in my application when , I call the PFX file using my password, it displays "The specified network password is not correct. ".
Tools to acess PFX: ASP PAGE :
Commands :
Set oEncrypt = Server.CreateObject("Persits.CryptoManager")
Set oStore = oEncrypt.OpenStoreFromPFX("C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\MY-ID.pfx", "MYPASSWORD")
Error message:
Persits.CryptoManager.1 error '800a0064'
The specified network password is not correct.
Question:
How to generate my own password to be embeded in the PFX file ?
Kind Regards,
Joaquim
The text was updated successfully, but these errors were encountered: