Daniel Harris

Coding, The Cloud, and Tech

8. May 2012 21:24
by Daniel Harris

Prevent nested Applications from inheriting their parents web.config values in IIS

8. May 2012 21:24 by | 0 Comments

Sometimes you need to host an application within an existing website/app in IIS. The way many of us are all familiar with is right clicking on a folder in the IIS site structure, and choosing 'Convert to Application'. Some expect that this treats the application as a separate entity to it's parent site that it is hosted in. However, any nested applications will still attempt to inherit the parent web.config. This can cause issues. One specific example that affected me was a line that defined the Theme in the parent site, that wasn't present in the child Application. To solve this, simply wrap any sections, or if you prefer the entire web.config (inside the <configuration> node) and the child will no longer inherit settings in the parent web config. <location path="." inheritInChildApplications="false"> This can be particularly useful when apps use common names for entries, such as 'ConnectionString' Personally I try to avoid this and use a more specific name Here is an example of my parent web.config with the new tag to prevent inheritance. <configuration> <location path="." inheritInChildApplications="false"> <system.web> <pages theme="ParentSiteTheme"/> </system.web> </location> <connectionStrings> <!--Shared Information to be inherited--> </connectionStrings> </configuration>

4. May 2012 21:53
by Daniel Harris

Creating an RSA Private Key for Windows Server 2008 from text using OpenSSL

4. May 2012 21:53 by | 0 Comments

Recently I had to move a clients website from their old developers server in the USA to one based here in the UK. Part of that migration involved getting an SSL certificate setup and working on the new server. I was provided with the certificate code in the following text format: —–BEGIN CERTIFICATE—– xxxxxxx —–END CERTIFICATE—– Text in this format can easily be saved from notepad with a .cer or .crt extension, and it will install on a Windows machine, seemingly without any problems… However, if you go to IIS and try to assign this certificate it will not be listed. This is because you have not got the second piece, the RSA Private key. I had this in a second text file in the format: —–BEGIN RSA PRIVATE KEY—– xxxxxxx —–END RSA PRIVATE KEY—– This is usually generated when you create a CSR request, and send it to the issuing authority, and is stored on the machine the request was generated on. Since I didn’t generate a request from the server we were migrating from (I simply had two blocks of text) the matching private key was not generated and present on the server. No matter how many formats I saved the RSA key text as, it would not import the private key. Using OpenSSL to generate a .p12 file The solution was to generate a p.12 file, using both the Private RSA key (Text file saved as a .key) and the Certificate (Text file saved as .cer). I downloaded a windows version of OpenSSL found here: Win32 OpenSSL v0.9.8r Light Once installed (I put it to C:\OpenSSL) you need to run the following command on your two files: openssl pkcs12 -export -in certificate.crt -inkey rsa.key -out fullcertificate.p12   The command prompt should ask you type in a password, choose something secure but remember it as you will need it when importing to your server. Import the .p12 file into IIS7 Once you have generated the .p12 file, go into IIS7 management and select the server in the tree view on the left, and then follow these steps: Double click on “Server Certificates” On the right in the actions pane click “Import” Click on the “..” button to browse and at the bottom right of the dialog change the dropdown to “*.*” Browse to the “fullcertificate.p12″ file, enter the password for the certificate that you entered into OpenSSL It’s up to you if you want to enable the certificate to be exported later Click OK and the certificate should import successfully You will notice the certificate doesn’t have a name, but you can right click it, choose properties and enter something into the “friendly name” field. You can now assign this certificate to the site in IIS as you usually would. If you try this and have any problems, or if this post helps you solve your issue then please leave a comment.