Configuring IIS7 and ELB for HTTPS using wildcard common name

I have recently been asked to add support for HTTPS on one of our web applications. With little to no experience in this kind of operation, my first thought was: shouldn’t be too hard, take the certificate, plug it into the web server and let’s go for a drink… not really what happened. I’ll try to give as much detail as possible, with references, to help anyone going through this process.

Let’s start with the environment I am running:

  • Couple of IIS7 Web Servers
  • Amazon Elastic Load Balancer (ELB)
  • DigiCert Certificate (any trusted provider should work)
  • Wildcard domain (*.mydomain.com)

To create your certificate you will need to send a CSR (Certificate Signing Request) to your provider. The private key is generated on the IIS box at this step and stays there; only the CSR, which contains the public key and your identity details, is sent out.

For IIS 7, follow the instructions below:

  1. Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
  2. Click on the server name.
  3. From the center menu, double-click the “Server Certificates” button in the “Security” section (it is near the bottom of the menu).
  4. Next, from the “Actions” menu (on the right), click on “Create Certificate Request.” This will open the Request Certificate wizard.
  5. In the “Distinguished Name Properties” window, enter the information as follows:
    Common Name – The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com). For a wildcard certificate enter *.mydomain.com here. A wildcard matches exactly one label, so it covers www.mydomain.com but not a.b.mydomain.com, and covers the bare mydomain.com only if your provider adds it as a Subject Alternative Name.
    Organization – The legally registered name of your organization/company.
    Organizational unit – The name of your department within the organization (frequently this entry will be listed as “IT,” “Web Security,” or is simply left blank).
    City/locality – The city in which your organization is located.
    State/province – The state in which your organization is located.
    Country/region – If needed, you can find your two-letter country code at http://www.digicert.com/ssl-certificate-country-codes.htm.
  6. Click Next.
  7. In the “Cryptographic Service Provider Properties” window, leave both settings at their defaults (Microsoft RSA SChannel Cryptographic Provider and a 2048-bit key) and then click Next. Do not go below 2048 bits.
  8. Enter a filename for your CSR file.
    Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted.

The full tutorial with screenshot and video is located at http://www.digicert.com/csr-creation-microsoft-iis-7.htm

Your provider should then generate the SSL certificate and you should be able to download it in a format appropriate for IIS. I would recommend the individual .crts option in zipped format. You will find a bunch of files; the one of interest is star_mydomain_com.crt (your own certificate), the others are the provider’s intermediate and root CA certificates. Complete the request on the same IIS box that generated the CSR, because that is where the matching private key lives: follow steps 1 to 3 from the CSR instructions, then as the fourth step use “Complete Certificate Request” from the Actions pane and point it at star_mydomain_com.crt. Install the intermediate certificate from the zip as well (Intermediate Certification Authorities store), so that IIS can send the full chain to clients.

Complete Certificate Request

One important thing to note here: if you have a wildcard certificate, the Friendly Name used when completing the request should be exactly the same as your common name, *.mydomain.com. This might not seem very important, but in IIS 7 Manager the Host name field of an HTTPS binding is only editable when the selected certificate’s friendly name starts with “*”, so without it you cannot bind the certificate to a specific host header. If you already imported the certificate, you can use the Certificates MMC snap-in to change the friendly name of the certificate; find more on this page: http://technet.microsoft.com/en-us/library/cc753195%28v=ws.10%29.aspx

Once done, you can export the certificate together with its private key as a password-protected .pfx and import it on your other IIS boxes, if any, then repeat the binding steps there. Treat that .pfx as you would the private key itself: use a strong password, copy it over a secure channel only, and delete the file from both machines once it is imported.

Let’s jump to the configuration of our Elastic Load Balancer (Amazon ELB) to support HTTPS and import our certificate there. There are several techniques and ways to do that; I will use the one that has been working in my case.

Find the basic reference in the Amazon Web Services ELB documentation: http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/UserScenarios.html

Amazon Elastic Load Balancer HTTPS Setup

You will need to fill in the following fields:

Certificate Name:* – Any meaningful name to recognize your certificate afterwards

Private Key:* – The private key of the certificate, in PEM format (an “RSA PRIVATE KEY” block) and without a pass phrase

Public Key Certificate:* – Your certificate (the leaf, *.mydomain.com) in PEM format

This is where it becomes a bit touchy: neither the CSR nor the .crt file you installed gives you the private key in that form. The key only exists in the Windows certificate store of the IIS box, so you have to export it from there as a .pfx and convert it with OpenSSL.

First you need to export your certificate with its private key; try these steps:

  1. Start the Microsoft Management Console > Run mmc.exe
  2. Click the ‘File’ menu (‘Console’ in older MMC versions) and then click ‘Add/Remove Snap-in’.
  3. Click the ‘Add’ button and then choose the ‘Certificates’ snap-in and click on ‘Add’.
  4. Select ‘Certificates’ and click ‘Add’.
  5. Select ‘Computer Account’ then click ‘Next’.
  6. Select ‘Local Computer’ and then click ‘OK’.
  7. Click ‘Close’ and then click ‘OK’.
  8. Expand the menu for ‘Certificates’ and click on the ‘Personal’ folder.
  9. Right click on the certificate that you want to export and select ‘All tasks’ > ‘Export’.
  10. A wizard will appear. Make sure you select “Yes, export the private key” (if that option is greyed out, the key was marked non-exportable when it was created), protect the file with a strong password, and continue through the wizard until you have a .PFX file.

You can find the illustrated tutorial on this page: http://nl.globalsign.com/en/support/ssl+certificates/microsoft/all+windows+servers/export+private+key+or+certificate/
You need OpenSSL on a machine you trust for the next step: http://www.openssl.org/ (the .pfx you are about to convert contains the private key, so do not do this on a shared box).

Export the private key from the pfx file (you will be prompted for the pfx password, then for a new PEM pass phrase protecting key.pem)

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Export the certificate from the pfx file (without the key)

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Remove the pass phrase from the private key, because the ELB console only accepts an unencrypted key (on OpenSSL 3 add -traditional to keep the “BEGIN RSA PRIVATE KEY” header)

openssl rsa -in key.pem -out server.key

server.key is now the bare private key of your wildcard certificate: anyone who gets hold of it can impersonate every host under mydomain.com. Keep it out of e-mail, version control and shared drives, and delete key.pem, server.key and the .pfx once the upload is done.

Paste the contents of server.key into the Private Key:* field. For the certificate, download the PEM version of your certificate from your provider. It is a bundle of certificates (not keys), base64 text rather than hex, with your own certificate first and the intermediate/root certificates after it. Take the first block,
—–BEGIN CERTIFICATE—–
(base64-encoded certificate body)
—–END CERTIFICATE—–

and paste it into the Public Key Certificate:* field. If the console offers a Certificate Chain field, paste the remaining blocks there; otherwise clients that do not already have the intermediate certificate may report an untrusted certificate. Amazon ELB should then accept your certificate. The cert.pem written by OpenSSL above contains the same leaf certificate, preceded by a few “Bag Attributes” lines that have to be stripped before pasting.
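As an added example that is not part of the original post, here is a small POSIX shell script that automates the .pfx to ELB conversion above and adds the two checks I would want before pasting anything into the console: that the key really is unencrypted, and that the key and the leaf certificate belong together. The script name, the file names (filename.pfx, provider_bundle.pem, outdir) and the existence of a Certificate Chain field in the console are assumptions; the script needs only sh, awk, grep and the openssl command line tool.

```shell
#!/bin/sh
# prepare_elb_cert.sh -- added example, not part of the original post.
# Automates the pfx -> ELB conversion described above and checks the result
# before it is pasted into the console. Assumes only sh, awk, grep and the
# openssl CLI; file names and the "Certificate Chain" field are assumptions.
#
# Usage: sh prepare_elb_cert.sh filename.pfx provider_bundle.pem outdir
#   outdir/server.key  unencrypted private key       -> "Private Key:*"
#   outdir/leaf.pem    first certificate of bundle   -> "Public Key Certificate:*"
#   outdir/chain.pem   remaining certificates        -> "Certificate Chain" (if offered)

# split_bundle BUNDLE OUTDIR: first certificate to leaf.pem, all later ones to
# chain.pem. Anything before the first BEGIN line (the "Bag Attributes" that
# openssl pkcs12 writes) is dropped. Prints the number of certificates found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > (dir "/leaf.pem") }
        n >  1 { print > (dir "/chain.pem") }
        END    { print n + 0 }' "$1"
}

# key_is_encrypted KEYFILE: exit 0 when the PEM key still carries a pass phrase
# (legacy "Proc-Type: 4,ENCRYPTED" header or a PKCS#8 ENCRYPTED block).
key_is_encrypted() {
    grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# key_matches_cert KEYFILE CERTFILE: exit 0 when the public key embedded in the
# certificate is the one derived from the private key (both printed as SPKI PEM
# and compared). Catches pairing server.key with the wrong .crt.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# main PFX BUNDLE OUTDIR: the whole conversion; prompts once for the pfx password.
main() {
    pfx=$1; bundle=$2; out=$3
    umask 077                       # everything written below is as secret as the key
    mkdir -p "$out"
    # -nodes writes the key unencrypted in one step, equivalent to the two
    # commands (pkcs12 -nocerts, then rsa) shown in the post
    openssl pkcs12 -in "$pfx" -nocerts -nodes -out "$out/key.pem"
    # PKCS#1 "RSA PRIVATE KEY" framing, the form the console in the post expected;
    # OpenSSL 3 needs -traditional for it, older releases reject the flag
    openssl rsa -in "$out/key.pem" -traditional -out "$out/server.key" 2>/dev/null \
        || openssl rsa -in "$out/key.pem" -out "$out/server.key"
    rm -f "$out/key.pem"
    n=$(split_bundle "$bundle" "$out")
    [ "$n" -ge 1 ] || { echo "no certificate found in $bundle" >&2; exit 1; }
    if key_is_encrypted "$out/server.key"; then
        echo "server.key is still encrypted" >&2; exit 1
    fi
    key_matches_cert "$out/server.key" "$out/leaf.pem" \
        || { echo "server.key does not match leaf.pem: wrong pfx or wrong bundle" >&2; exit 1; }
    echo "ok: $n certificate(s); paste server.key, leaf.pem and chain.pem, then delete $out"
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

Run it on the same trusted machine you would use for the manual OpenSSL commands, and delete the output directory as soon as the console has accepted the upload. The script only splits the bundle, it does not validate the chain, so it is still worth running openssl x509 -noout -subject -dates on leaf.pem to confirm the common name and expiry date before pasting.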

Update #1 for configuration of ELB:

There is one more thing that avoids the certificate configuration on ELB altogether: create a TCP listener on port 443 that forwards to TCP port 443 on the instances, and your web server will act as the SSL termination point. This works straightforwardly, and the private key then never has to leave the IIS boxes. The trade-off is that the ELB no longer sees HTTP: it cannot add the X-Forwarded-For header, so IIS logs the load balancer’s address instead of the client’s, and it cannot do cookie-based session stickiness.

Lately…

More and more time spent working on innovative projects and less time writing about them. I am constantly trying to make it a must to share all this accumulated knowledge.

Lately at work I have been working on the migration of Vinivi to the latest .NET platform, using many enterprise best practices in terms of design patterns (S.O.L.I.D principles); this was a great experience for the whole team and a great step for the company.

Simple Resx Editor

I recently came across a nice Resx Editor alternative. It’s simple to use and the learning curve is very low. It’s perfect for staff you don’t want to train in Visual Studio just to edit Resx files for text translation.

Take a look at it: http://simpleresxeditor.blogspot.com/2010/12/simple-resx-editor-0660-is-now.html

There is also a video tutorial available: http://www.youtube.com/watch?v=7hUdkqVXmWc&feature=player_embedded

It features:

* Highlight differences and coincidences (1)

* Highlight keys containing text

* Show/Hide keys

* Filter text-only rows

* Drag and drop support

* Multi-language UI

(1) With multiple resx files loaded

CodeIgniter – Pagination SEO Issue

I have recently been working with a PHP MVC framework called CodeIgniter on a complete web application solution. I had tried some major frameworks like CakePHP, Zend and Symfony, which were all very powerful frameworks for MVC and RAD development; the only thing they lacked was a bit more of the flexibility CodeIgniter offers. Maybe I did not take enough time to get to know all the specifics of the other frameworks, but while benchmarking I got acquainted with CodeIgniter much faster.

Even though CodeIgniter is a very flexible framework, it is very lightweight and some features needed by web applications have not been taken into account. With that in mind, the people behind EllisLab, Inc. made sure that these small gaps are easily worked around by allowing complete customization of their libraries.

Here is my original issue:

I have an item listing page with pagination activated and I wanted the first page to be the root URL of the item page,
e.g. http://www.mysite.com/items

But what the CodeIgniter Pagination library generated for the first page was: http://www.mysite.com/result/1

That is pretty inconvenient for SEO, because the crawler will find two pages with the same content (duplicate content) while crawling the site.

Thus I extended the CI_Pagination library and created MY_Pagination (CodeIgniter loads a class named MY_Pagination from application/libraries in place of the core one).

First of all, I added a new class variable called first_page_url to the MY_Pagination class:

[php]

class MY_Pagination extends CI_Pagination {

    var $first_page_url = ''; // When set, the first page links here instead of base_url

[/php]

I changed the original Pagination library’s “First” link rendering from

[php]

// Render the "First" link
if ($this->cur_page > ($this->num_links + 1))
{
    $output .= $this->first_tag_open.'<a href="'.$this->base_url.'">'.$this->first_link.'</a>'.$this->first_tag_close;
}

[/php]

to

[php]

// Render the "First" link
if ($this->cur_page > ($this->num_links + 1))
{
    // Pick the URL first: '.' binds tighter than '==' in PHP, so an inline
    // ternary would compare the whole concatenated string instead of first_page_url
    $first_href = ($this->first_page_url == '') ? $this->base_url : $this->first_page_url;
    $output .= $this->first_tag_open.'<a href="'.$first_href.'">'.$this->first_link.'</a>'.$this->first_tag_close;
}

[/php]

This way, if the configuration setting first_page_url was passed when initializing the Pagination class, it is used instead of the base_url.

Some modifications were also made to the digit link generation, from

[php]

// Write the digit links
for ($loop = $start - 1; $loop <= $end; $loop++)
{
    $i = ($loop * $this->per_page) - $this->per_page;

    if ($i >= 0)
    {
        if ($this->cur_page == $loop)
        {
            $output .= $this->cur_tag_open.$loop.$this->cur_tag_close; // Current page
        }
        else
        {
            $n = ($i == 0) ? '' : $i;
            $output .= $this->num_tag_open.'<a href="'.$this->base_url.$n.'">'.$loop.'</a>'.$this->num_tag_close;
        }
    }
}

[/php]

to

[php]

// Write the digit links
for ($loop = $start - 1; $loop <= $end; $loop++)
{
    $i = ($loop * $this->per_page) - $this->per_page;

    if ($i >= 0)
    {
        if ($this->cur_page == $loop)
        {
            $output .= $this->cur_tag_open.$loop.$this->cur_tag_close; // Current page
        }
        else if ($loop == 1 && $this->first_page_url != '')
        {
            // Page 1 links to the configured first_page_url rather than base_url
            $output .= $this->num_tag_open.'<a href="'.$this->first_page_url.'">'.$loop.'</a>'.$this->num_tag_close;
        }
        else
        {
            $n = ($i == 0) ? '' : $i;
            $output .= $this->num_tag_open.'<a href="'.$this->base_url.$n.'">'.$loop.'</a>'.$this->num_tag_close;
        }
    }
}

[/php]

which makes sure that the link for page 1 uses first_page_url as its href whenever first_page_url is available.

The complete file can be found here: MY_Pagination

IIS Log Archiving

You need to archive your IIS logs regularly so that the log folder does not fill your disk with HTTP logs.

I have been searching for some quickly implemented solutions for performing this IIS log archiving task and found some quite nice discussions and articles about it. Here are the links to the different posts and forums that talk about a solution to this issue:

http://blogs.thesitedoctor.co.uk/tim/2007/02/10/Automatically+Delete+Old+IIS+Log+Files.aspx

http://www.iislogs.com/ (Tool to automate maintenance of IIS Log)

http://forums.webhostautomation.com/showthread.php?t=5053

http://forums.iis.net/p/1022450/1388469.aspx

On my side I needed something with a bit more functionality, so I modified some of the scripts that I could find in the different articles related above and came up with a solution that can:

  • Compress each log file found in your websites’ log folders
  • FTP the compressed files to a remote server (keeping a history of your IIS logs); uses the Chilkat free FTP ActiveX
  • Delete them from the disk afterwards

You can run this process every day and no log older than a specified number of days will remain on your server. Keep in mind that plain FTP sends the login and the log files, which contain client IPs and request URLs, in clear text over the network; prefer SFTP or FTPS if the remote server supports it, and restrict the FTP account to its upload directory.

Requirement for this solution to work:

You can download the script here.

See the entire script in the full post.


Virtualization using VirtualBox

Microsoft Virtual PC is quite an efficient tool but needs licences to work with. Today while browsing the web I came across a free open source alternative: VirtualBox.

I installed it, grabbed a copy of Ubuntu Linux and created a new virtual guest OS; it took me about 1 hour to set everything up.
From VirtualBox website:

VirtualBox is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL). See “About VirtualBox” for an introduction.

Presently, VirtualBox runs on Windows, Linux, Macintosh and OpenSolaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista), DOS/Windows 3.x, Linux (2.4 and 2.6), and OpenBSD.

VirtualBox is being actively developed with frequent releases and has an ever growing list of features, supported guest operating systems and platforms it runs on. VirtualBox is a community effort backed by a dedicated company: everyone is encouraged to contribute while Sun ensures the product always meets professional quality criteria.

That said, I seriously encourage any developer who needs a virtual OS, either to build a development platform or to run tests, to give it a try.

Here are some screen shots of running Windows XP and Ubuntu Linux.

The 30 skills every IT person should have

I found this article on infoworld.com, written by Richard Casselberry. Here are some of the skills; you can read the rest of the article here.

1. Be able to fix basic PC issues. These can be how to map a printer, back up files, or add a network card. You don’t need to be an expert and understand how to overclock a CPU or hack the registry, but if you work in IT, people expect you to be able to do some things.


2. Work the help desk. Everyone, from the CIO to the senior architect, should be able to sit down at the help desk and answer the phones. Not only will you gain a new appreciation for the folks on the phones, but you will also teach them more about your process and avoid escalations in the future.

3. Do public speaking. At least once, you should present a topic to your peers. It can be as simple as a five-minute tutorial on how IM works, but being able to explain something and being comfortable enough to talk in front of a crowd is a skill you need to have. If you are nervous, partner with someone who is good at it, or do a roundtable. This way, if you get flustered, someone is there to cover for you.

4. Train someone. The best way to learn is to teach.

5. Listen more than you speak. I very rarely say something I didn’t already know, but I often hear other people say things and think, “Darn, I wish I knew that last week.”


Freelancing, Online jobs for professionals

Nowadays many professionals in different sectors offer their services and expertise through freelance portals. These portals are websites where you can post job offerings and register as a freelancer to take job offerings. In terms of business, you can bargain and get the work done at an affordable price by expert professionals.

So where is the catch? Why doesn’t everyone go online and work as a freelancer?

It’s quite simple: getting a job online can take quite a while. You must register on several websites, paid or not, then apply for the job positions that fit your expertise, wait for an answer and, if you are accepted, start working. As a freelancer you are usually not bound by any long-term contract: you get to work on a module for a month and when the job is done you have to go through the entire process again, which can sometimes take several weeks before you get another job. So freelancing is a tedious and long process, but it is quite a remunerative one, since you get to work on different projects and gain much more experience.

Since my expertise is in web technology and programming, here are some websites I am registered with.

Guru.com

Guru.com was launched in August 2000 (as A2Zmoonlighter.com).
Its mission: to provide the most efficient platform to connect and perform transactions with freelance professionals locally, nationally, and globally.

Odesk.com

Odesk.com was created in 2003.
Its mission: build the world’s best network of technology service providers through screening, testing, and feedback, and offer the platform that lets buyers successfully hire, manage, and pay service providers from around the world.

thecodingmachine.com

thecodingmachine.com was launched in late 2006.
Its mission: to offer IT services; thanks to a new approach, your projects can be delivered quicker and at lower cost. It has created a web platform linking together coders from all over the world.

There are many more websites offering job postings and freelance work, but these are the ones I have experience with, and I find them pretty good tools when you are searching for a job online to share your expertise.

Leave your comment on other sites that might be good, I’ll review them and update this post.

Exception: Collection was modified; enumeration operation may not execute.

It had been a while since I last got this exception while working, and yesterday, while I was testing a new module I implemented, I got it again. I knew I had it some time back last year and managed to solve it. It is thrown when you add or remove items from a List<T> while a foreach loop is enumerating it. So here is one solution when you are dealing with this kind of issue: iterate by index and count down, so that removing the current element never shifts the elements still to be visited:

[csharp]

using System.Collections.Generic;

// Product is assumed to be a class with a constructor taking the product name
IList<Product> productList = new List<Product>();
productList.Add(new Product("Some product 1"));
productList.Add(new Product("Some product 2"));
productList.Add(new Product("Some product 3"));
productList.Add(new Product("Some product 4"));

[/csharp]

[csharp]

// Iterate in reverse order with a for loop; a foreach over productList would throw
// "Collection was modified" as soon as the list changes.
for (int i = productList.Count - 1; i >= 0; i--)
{
    // Perform the edit, update or delete operation on productList[i] here, e.g.
    if (productList[i].Name.EndsWith("3"))
    {
        productList.RemoveAt(i); // safe: only indexes below i remain to be visited
    }
}

[/csharp]

There is a list of other solutions that can be found on the following websites:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=372532&SiteID=1
http://forums.asp.net/p/1147145/1861164.aspx
http://www.experts-exchange.com/Programming/Programming_Languages/Dot_Net/ASP_DOT_NET/Q_21585534.html