Welcome to Sign in | Join | Help
in
Home Blog Forums

The Lazy Admin

Configure SSL for Virtual Server 2005 Using SelfSSL

Sponsor

Virtual Server 2005 is a powerful virtualization tool. One of my favourite features is the web based administration of the server and the virtual machines. As with any web facing application SSL encryption is important, and with Virtual Server 2005, it is a snap to configure.

There are two different SSL configurations required for Virtual Server 2005, one for the administration web page, and one for the Virtual Machine Remote Client (VMRC). Let's tackle the administration webpage first and then take care of VMRC. You can enable SSL for the administration web page in the same manner as you would for any other website. For this demo I am going to use SelfSSL from the IIS6 Resource Kit. SelfSSL is the perfect tool for creating self-signed SSL certificates without installing a Certificate Authority (CA). Once you have downloaded and installed SelfSSL we can begin. To start, you need to open the IIS Manager MMC and drill down to Web Sites | Virtual Server. Open up the properties page for the Virtual Server web site and enter a port number. You can use any available port and in this example I changed the non-SSL port to 1020 and used port 1024 (the default) as the SSL port.

 

Next launch SelfSSL from Program Files\IIS Resouces\SelfSSL and enter the following:

 selfssl /N:CN=VirtualServer.domain.com /K:1024 /V:730 /S:2 /P:1024

Note: The image above has an error in the syntax. It should read /N:CN=

Three things to ensure here, first use the FQDN that you will be accessing the server with from the internet. If you don't you will never get rid of the SSL security warning even after installing the cert as the names won't match. Second, ensure that you specify the Site (S:2) and the port (P:1024) If Virtual Server is not the second web site, make sure you change the number to match the site number. Finally, make sure the port matches the port you configured in the IIS Manager MMC. Now, browse to https://VirtualServer.domain.com:1024 and you should be presented with a SSL Security warning.

 

To configure SSL for the VMRC it gets a little easier. Open up the administration web page and click on Server Properties, then select Virtual Machine Remote Control (VMRC) Server. Check the box next to SSL 3.0/TLS 1.0 Authentication, and the Request Radio button. Enter the required information and then click OK.

 

That is it. Virtual Server 2005 will create a certificate request (.CER) for you to upload to a CA, however, it will also create a self-signed certificate that will take effect immediatley.





Published Monday, June 26, 2006 8:31 AM by rodney.buike
Filed under: ,

Comments

 

Canadian IT Professionals said:

The My TechNet Security tour is officially underway with the first stop in Winnipeg complete. As you

October 14, 2007 11:04 AM
Anonymous comments are disabled

This Blog

Sponsor

 

Syndication

Advertising

Get a free 5GB e-mail account @isalazyadmin.com

Affiliates

Canadian IT Professionals

Canadian IT Managers

Certifications & Awards


All postings are provided "AS IS" with no warranties, and confer no rights.
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.
Copyright TheLazyAdmin Inc. All Rights Reserved 2004-2008