## Adding SSL Wildcard Certificates to IIS Webs

March 21, 2017

As web browsers start to issue warnings on plain HTTP websites that ask you for a username and password, it’s time to add SSL certificates even on dev/test servers. We can expect more aggressive warnings in the future 😉

Apparently there is a way to create a self-signed certificate built into IIS (screenshot from Windows Server 2008), but this seems to create certificates only for the host name, not for any domain hosted on the machine.

Back to square one: start up a current Linux machine, and make sure your openssl is newer than version 1.0.1f. (Remember Heartbleed?)

The instructions I found to create self-signed certificates are nearly identical (source, source, source)

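```bash
# Generate a 2048-bit RSA private key
openssl genrsa 2048 > my-host.key
# Create a self-signed certificate valid for 10 years
# (SHA-256, because browsers reject SHA-1 signatures);
# make sure Common Name starts with "*.", e.g. *.my-host.com
openssl req -new -x509 -nodes -sha256 -days 3650 -key my-host.key > my-host.cert
# Save the fingerprint and a text dump of the certificate for reference
openssl x509 -noout -fingerprint -text < my-host.cert > my-host.info
# Bundle certificate and private key into one PEM file
cat my-host.cert my-host.key > my-host.pem
```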

For use in IIS, you need to create a .pfx from these certificate files:

```bash
openssl pkcs12 -inkey my-host.pem -in my-host.cert -export -out my-host.pfx
```

Copy the .pfx to your IIS machine.
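An added example, not from the original post: the key, certificate and .pfx steps as one script that signs with SHA-256, lists the wildcard in subjectAltName (browsers match host names against it rather than the Common Name), and sets the PKCS#12 friendly name to "*.domain" at export time, which is the value IIS checks further down. The function names, file names and the PFX_PASS environment variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): wildcard certificate for IIS
# with a SHA-256 signature, a subjectAltName and a "*." friendly name.
# Function names, file names and the PFX_PASS variable are assumptions.

make_wildcard_pfx() {
    local domain="$1"        # e.g. my-host.com
    local out="$2"           # output directory
    local days="${3:-3650}"  # validity in days, same default as the post
    mkdir -p "$out" || return 1

    # Browsers match host names against subjectAltName, not the Common Name,
    # so the wildcard has to be listed there as well.
    cat > "$out/$domain.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = *.$domain
[v3]
subjectAltName = DNS:*.$domain, DNS:$domain
extendedKeyUsage = serverAuth
EOF

    # umask 077 keeps the private key and the .pfx readable by the owner only.
    # -name sets the PKCS#12 friendlyName, which Windows shows as Friendly Name.
    ( umask 077
      openssl genrsa -out "$out/$domain.key" 2048 2>/dev/null &&
      openssl req -new -x509 -sha256 -days "$days" -config "$out/$domain.cnf" \
          -key "$out/$domain.key" -out "$out/$domain.cert" &&
      openssl pkcs12 -export -name "*.$domain" -passout env:PFX_PASS \
          -inkey "$out/$domain.key" -in "$out/$domain.cert" \
          -out "$out/$domain.pfx" )
}

# Print the SAN list of a certificate without spaces
cert_sans() {
    openssl x509 -noout -text -in "$1" |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Print the signature algorithm of a certificate
cert_sigalg() {
    openssl x509 -noout -text -in "$1" | awk '/Signature Algorithm/ {print $3; exit}'
}
```

Export PFX_PASS before calling `make_wildcard_pfx my-host.com ./out`. With OpenSSL 3.x, older Windows versions may refuse the default AES-encrypted .pfx; adding `-legacy` to the pkcs12 call writes the older format.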

In IIS Manager, select “Server Certificates” on the server node, click “Import…” to import the .pfx certificate.

Start up mmc, “File”, “Add/Remove Snap-in”, select “Certificates”, “Add”, “Computer account”, “Finish”, “OK”, (this click orgy shows you how important certificates were in 2008, as compared to Start/Administrative Tools/Data Sources (ODBC) 😉 ) and find the imported certificate(s) under

Console Root\Certificates\Personal\Certificates

Right-click each of them, select Properties, and make sure that the Friendly Name starts with “*.” for wild-card certificates. Otherwise, you cannot assign a host name for https web sites.

Back in IIS Manager, select each site to which you want to add https support, click Bindings, Add, select Type: https and select the wild-card SSL certificate. You can (and must) set the site’s Host name only if the friendly name starts with *. Click OK and you are done.

If you want your sites to redirect http to https automatically, make sure the Require SSL box is not checked in the site’s SSL Settings.

The minimal web.config to perform these redirects looks like this (source, source)

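```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect-HTTP-HTTPS-IIS">
          <match url="(.*)" />
          <conditions> <!-- the listing on the page ends here; the remaining lines are the usual URL Rewrite completion (assumed) -->
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```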

## How I survived “S.M.A.R.T. Status: BAD. Backup and Replace”

June 12, 2012

My Windows 7 started to display the “Windows detected a hard disk problem” error message. While I first ignored it, I finally ran chkdsk /f /r on all disks just to make sure erroneous sectors would not cause the error to show again.

Unfortunately, this did not work out, and the error message became more persistent.

A look into the event log presented more and more warnings (Event ID 52, Source Disk)

The driver has detected that device <device> has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.

and errors (Event ID 7, Source Disk)

The device, <device>, has a bad block.

(The Events and Errors Message Center does not even know these event IDs exist.)

Restarting the PC would stop the boot process with the message

S.M.A.R.T. Status: BAD. Backup and Replace
Press F1 to continue

I decided to finally bring myself to fix the situation, and asked teh internets how to do it. (I already fixed a dying drive once, but that was Ubuntu, and this is Windows, and it can get ugly.)

The dying disk is a Seagate, so I tried the SeaTools (both Windows and DOS) because they might help resolve the errors, but they didn’t.

Fortunately, the new disk is also a Seagate, a different model but the same size as the old one, so I downloaded Seagate DiscWizard on my laptop to create a bootable CD. Unfortunately, DiscWizard setup requires Seagate disks installed in the PC, which the laptop does not have. Back to square one.

In the end, I mounted the new disk in the PC, installed DiscWizard, and started it. The selection of source and destination disks causes adrenaline levels to jump, but the selection dialog (of both disks) always displays the partitions of each selected disk, so the likelihood of selecting both drives wrong due to poor UI is greatly reduced (see screenshots in the HowTo).

After disk copying completed, I disconnected the old disk and left the new disk connected on the same cable as during copying, booted, and, voilà, logged into my old new Windows 7.