Self-certifying an IIS site

Or, Why Microsoft Blows.

My husband asked me for help with a consulting job last night, so I dusted off my incredibly old and rusty skills and tried to remember things I did 4 years ago and then translate them to another platform and two generations of operating system later. And I did it! I think. I did something, anyway, and I think I know what else I NEED to do to finish the job. Vague enough for you?

This won't be interesting to anyone but me, probably, but Microsoft annoys me so much that I have to vent it anyway. In my former life, I worked on Lotus Domino servers. They don't have as much market share as Microsoft, which makes no sense to me, as Lotus is more secure and just plain makes more sense. Certificates are a case in point.

Well, let me back up. A certificate is something you add to a web site that tells visitors (or their web browsers) "you can trust this website, its authenticity has been verified." You can get a certificate in two ways. 1 - There are a handful of globally trusted verifiers, whose business it is to verify (duh, and how many times can I say "verify" in one paragraph) that a website is legitimate. So, if you want to make your website look trustworthy, you pay one of these companies to check you out, make sure you're legit, and issue you an electronic certificate to put on your site. 2 - Alternatively, if you're just setting up the site for your own personnel, for example, you can authenticate your own website, and give yourself a homemade certificate. If you do this, people accessing your site will get a message that the certificate is not from one of the big trusted companies, but it will work just the same.

So, I was working on option 2 - creating my own certificate and verifying it myself. In Lotus, which I used to use, there's an easily followed and logical set of steps for doing this. The software designers recognized that this is a common need and made the process as painless as possible. Microsoft, on the other hand, seems to have taken this opportunity to play a little game of hide and seek with web admins. First of all, Microsoft blows in general, and there is no central admin console except what you cobble together yourself out of "snap-ins" (which sound like snap-ONS and make me want to do unnatural and painful things to the morons who developed them). Once you stumble, through trial and error, upon the correct snap-in, you then have to check the properties of the "default site" (hoping it's the right one), then pick one of like 10 tabs with similar and ambiguous names, then finally request a certificate. Now, you'd assume the process for verifying the certificate would be at least a little bit the same, but you would be completely wrong. To verify the certificate, you have to go to add/remove programs in the control panel. WHAT??? You scream in frustration, pulling out your hair! That makes no sense at all! You are correct, sir.

Anyway, I wandered and roamed throughout the operating system on this poor unsuspecting company's server (I had their permission, they were unsuspecting only in their unfounded trust in my abilities) until I finally figured out how to recreate, using a retarded software, that which I could do in my sleep four years ago using an intelligent one. And then my brain exploded, but I had my pride to comfort me.