Webprofusion Ltd – Certify The Web – Day 1

Background

Security has been in the news a lot lately.

In this post, we will talk about using SSL, specifically obtaining SSL certificates from LetsEncrypt.Org via “WebProfusion Ltd – Certify the Web”.

LetsEncrypt.Org

Client Options

Here are the Client Options available for Windows

Link

WebProfusion Ltd – Certify GUI –
(.Net, WinForms )

In this post, we will go with WebProfusion Ltd – Certify the Web.

 

Requirement

Outline

  1. Network
    • DNS
  2. Website Availability
    • Website Availability Test
  3.  Software
    • Microsoft .Net v4.5
  4. Microsoft IIS
    • Bindings

Network

DNS

DNS Requirement

From a networking standpoint, the LetsEncrypt validation servers have to be able to connect to the originating computer.

That rules out the following:

  1. Servers that are not reachable over the Internet
    • Servers that only have local IP Addresses

 

DNS Server Names

Here are a couple of popular DNS Servers:

Vendor    Link  DNS-1           DNS-2
Verisign  Link  64.6.64.6       64.6.65.6
Google    Link  8.8.8.8         8.8.4.4
OpenDNS   Link  208.67.222.222  208.67.220.220

 

DNS Validation
nslookup

On MS Windows, we can use nslookup to validate.

Syntax

Here is the syntax


nslookup [FQDN] [dns-server]

Sample – DNS – Google ( 8.8.4.4 & 8.8.8.8 )
Code

nslookup web.labDomain.org 8.8.8.8 

Output

Sample – Verisign ( 64.6.64.6 & 64.6.65.6 )
Code

nslookup web.labDomain.org 64.6.64.6 

Output
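The two DNS requirements above (the name resolves on a public DNS server, and not to a local-only address) can be checked by script. This is an added example, not part of the original post or of Certify The Web; the nslookup output samples, the resolver name and the address 203.0.113.10 are constructed.

```python
import ipaddress

# Address ranges that cannot be reached from the Internet (local-only).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10")]                # IPv6 equivalents

# Constructed samples in the layout Windows nslookup prints (not real captures).
RESOLVER = "Server:  dns.google\nAddress:  8.8.8.8\n\n"
SAMPLE_OK = RESOLVER + ("Non-authoritative answer:\n"
                        "Name:    web.labDomain.org\nAddress:  203.0.113.10\n")
SAMPLE_LOCAL = RESOLVER + ("Non-authoritative answer:\nName:    web.labDomain.org\n"
                           "Addresses:  192.168.1.20\n\t  203.0.113.10\n")
SAMPLE_NXDOMAIN = RESOLVER + ("*** dns.google can't find web.labDomain.org: "
                              "Non-existent domain\n")

def answer_addresses(nslookup_output):
    """Return the IP addresses in the answer section of nslookup output."""
    lines = nslookup_output.splitlines()
    # The first Server:/Address: pair is the resolver; answers follow "Name:".
    start = next((i for i, line in enumerate(lines)
                  if line.strip().startswith("Name:")), None)
    if start is None:
        return []                      # NXDOMAIN, timeout or empty answer
    found = []
    for line in lines[start + 1:]:
        for token in line.split():
            try:
                found.append(ipaddress.ip_address(token))
            except ValueError:
                pass                   # labels ("Address:") and alias names
    return found

def precheck(nslookup_output):
    """Summarise whether the answer meets the DNS requirement described above."""
    addrs = answer_addresses(nslookup_output)
    if not addrs:
        return "FAIL: name does not resolve on this DNS server"
    local = [str(a) for a in addrs if any(a in net for net in LOCAL_NETS)]
    if local:
        return "FAIL: answer includes local-only address " + ", ".join(local)
    return "OK: resolves to " + ", ".join(str(a) for a in addrs)

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_LOCAL, SAMPLE_NXDOMAIN):
        print(precheck(sample))
```

To use it on a real host, save the output of nslookup [FQDN] [dns-server] to a file and pass the file's text to precheck.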

 

Website Availability

Website Availability Test

Here are some availability tools:

  1. Uptrends

 

Uptrends.com

Go to https://www.uptrends.com/tools/uptime.

We intentionally entered an invalid URL, in this case upTimeTest.cnn.com.

Uptrends.com – Sample

uptimeTest.cnn.com

We entered a FQDN that we know is not available.

hyattHouse.com

We entered hyattHouse.com and we are able to successfully validate.

 

Software

Microsoft .Net Framework v4.5

Although the software can be installed without first installing .Net v4.5, it cannot be used.

If one tries to do so, the user is prompted to install .Net 4.5.

BTW, .Net v4.5 has its own requirements in terms of minimum OS:

  1. Windows 2003
    • .Net v4.5 cannot be installed on MS Windows 2003
  2. Windows 7
  3. Windows 2012

 

Microsoft IIS

IIS – Site Bindings

Internet Information Server ( IIS )

Site Bindings

We can use IIS Manager and access the Site Bindings

Site Bindings – Original

 

Site Bindings – Add Binding

Click on the “Add..” button.

Add each hostname or alias that you would like to generate a certificate for.

Please add only http entries.

The https will be added for you.

 

Site Bindings – After adding
  
Explanation

In the screen above, we have added the hostname that we would like exposed.

 

Download

Downloaded “Certify The Web” from the Vendor’s website.

As of 2017-July-15th, the current version is V2.0.7-beta4.

Installation

ScreenShots

License Agreement

Image

 

Select Destination Location

Image

Explanation

  1. 9 MB

 

Select Start Menu Folder

Image

 

Ready to Install

Image

Installing ….

Image

Complete the Wizard

Image

 

Usage

Launch “Certify the web“.

Initial Screen

Empty Canvas

New Certificate

Click the “New Certificate” button.

Managed Sites – New Certificate – Options

Image

Explanation

  1. Select IIS Site
    • Choose the IIS Site
  2. Name
    • The Name is only figurative
  3. Primary Domain Name
    • Please choose the Domain Name
    • If none shown, please visit the TroubleShooting section
  4. Alternative Domain Subject Name
    • All of the hostnames registered in the Site Bindings are listed

 

Managed Sites – New Certificate – Advanced

 

 

Explanation

  1. Auto create/update IIS bindings ( use SNI )
    • Chose to use SNI
      • Please read more about SNI ( Server Name Indication )
      • As always Wikipedia is a good source and here is the Link

 

Once you are comfortable with your choices, please click the Save button.

 

Request Certificate

Here are the steps for actually requesting a certificate.

Saved Certificate Request

Here is the screen once a Certificate is Requested.

Image

 

Certificate Received and Installed

Image

Explanation

  1. In the image above, our request has been validated, a certificate has been issued, and installed on our machine.

 

Troubleshooting

Primary Domain Name

Primary Domain Name – Empty

In the example that follows we just installed the Application and we are trying to add a “New Certificate”.

New Certificate

Error – “A primary domain must be selected”

Explanation:

  1. The error message states that “A Primary Domain” must be selected
    • The reason is that we have not selected a “Primary Domain Name”

 

Remediate:

To fix, please …

  1. Launch IIS Manager
  2. Access Site
  3. Under Sites, select the Web Site
  4. In the Action Panel
    • Under Edit Site, Choose Bindings…
  5. In the “Site Bindings” window
    • Review listed Site Bindings
    • If not listed, click the “Add” button
      • The “Site Binding” window appears
        • In the Host name text box, add the host’s “Fully Qualified Domain Name”
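The binding review in the steps above can also be done from a listing of the sites. This is an added example, not part of the original post or of Certify The Web; it assumes the text printed by IIS's appcmd list site command, which the post itself does not use, and the sample site names and bindings are constructed.

```python
import re

# Constructed sample of `appcmd list site` output (not from a real server).
SAMPLE = (
    'SITE "Default Web Site" (id:1,bindings:http/*:80:,state:Started)\n'
    'SITE "Lab" (id:2,bindings:http/*:80:web.labDomain.org,'
    'http/*:80:www.labDomain.org,https/*:443:web.labDomain.org,state:Started)\n'
)

SITE_RE = re.compile(
    r'^SITE "(?P<name>[^"]+)" \(id:\d+,bindings:(?P<bindings>.*),state:\w+\)$')

def http_hostnames(appcmd_output):
    """Map each IIS site to the host names on its plain-http bindings."""
    sites = {}
    for line in appcmd_output.splitlines():
        match = SITE_RE.match(line.strip())
        if not match:
            continue
        hosts = []
        for binding in match.group("bindings").split(","):
            protocol, _, info = binding.partition("/")
            if protocol != "http":
                continue                      # only http entries are added by hand
            host = info.rsplit(":", 1)[-1]    # info is ip:port:hostname
            if host:
                hosts.append(host)
        sites[match.group("name")] = hosts
    return sites

def sites_without_hostname(appcmd_output):
    """Sites whose http bindings carry no host name to offer as a domain."""
    return [name for name, hosts in http_hostnames(appcmd_output).items()
            if not hosts]

if __name__ == "__main__":
    for name in sites_without_hostname(SAMPLE):
        print(f'{name}: add an http binding with the fully qualified domain name')
```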

 

Summary

If you are running at a minimum MS Windows 7 ( desktop)  or 2012 ( server ), you should consider “Certify The Web“.

There is a lot more as this is only Day ONE.

 
