Windows Server 2003 R2 / IIS6 & SHA-256 SSL Certificates

There are a few updates that add SHA-256 support in Windows Server 2003. The one you need is KB2868626; when installed, this update will enable you to install SHA-256 SSL certificates on Server 2003 SP2. You may want to install the ones below as well so you can connect to your own site.

KB938397 adds SHA-256 support to Server 2003 (SP1 or SP2). This update only enables Server 2003 to connect to sites that are using SHA-256 certs, but it cannot serve them up itself (for that you need the above KB2868626). There is an additional SHA-2 update where XP & Server 2003 clients cannot get SHA-256 certificates from Windows Server 2008; that is KB968730.

Regarding the CSR generation, if you are purchasing a certificate from a public CA you shouldn't need to specify the signature algorithm in the CSR. The CA will issue your cert signed with SHA1 or SHA2 depending on your selection and/or the CA's issuance policy.

I did look into it and I don't see a way in Server 2003 to create a SHA-256 CSR. There is a utility called "Certreq" built in to Windows. I don't see HashAlgorithm in the Server 2003 version of certreq, but it is present in later versions.

One other reference I found was creating a custom request through the MMC. In the tutorial it references selecting a hash algorithm, but the screenshot doesn't match. May be worth investigating.

Some additional Resources:

  1. SHA-2 and Windows
  2. Common Questions about SHA-2 and Windows
  3. Detailed SHA-2 Compatibility article.
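
The answer above says the hash used in the CSR does not have to match the hash the CA signs the issued certificate with. As an added example (not part of the original answer), this stdlib-only Python reads the outer signature algorithm from either a PKCS#10 CSR or an X.509 certificate, PEM or DER, so both can be checked; the two sample byte strings are constructed skeletons, not real requests.

```python
import base64

# Signature-algorithm OIDs relevant to the SHA-1 vs SHA-256 question.
SIG_ALGS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content bytes to dotted form (single-byte first arcs only)."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm(pem_or_der):
    """Name the outer signature algorithm of a certificate or PKCS#10 CSR."""
    data = pem_or_der
    if data.lstrip().startswith(b"-----BEGIN"):
        rows = [r for r in data.strip().splitlines() if not r.startswith(b"-----")]
        data = base64.b64decode(b"".join(rows))
    tag, outer, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("expected an outer DER SEQUENCE")
    _, _, pos = read_tlv(outer, 0)    # skip TBSCertificate / CertificationRequestInfo
    _, alg, _ = read_tlv(outer, pos)  # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected an OID inside AlgorithmIdentifier")
    dotted = decode_oid(oid)
    return SIG_ALGS.get(dotted, dotted)  # unknown algorithms come back as dotted OIDs

# Constructed skeletons (not real CSRs): empty info, AlgorithmIdentifier, empty signature.
SAMPLE_SHA1 = bytes.fromhex("3014" "3000" "300d06092a864886f70d0101050500" "030100")
SAMPLE_SHA256 = bytes.fromhex("3014" "3000" "300d06092a864886f70d01010b0500" "030100")
```

Pass it the bytes of the request file produced on the server and of the certificate file returned by the CA, for example `signature_algorithm(open(path, "rb").read())`.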

Author: Chris

Updated on September 18, 2022

Comments

  • Chris almost 2 years

    Was hoping someone could help me out with this one as there seems to be conflicting articles on the subject.

    I've got a legacy server running Windows Server 2003 R2 with IIS6 and need to generate an SSL Certificate Request in SHA-256.

    I've installed this Hotfix from MS (http://support.microsoft.com/kb/948963) which is supposed to add SHA-256 support.

    Now that it's been installed, how exactly do I get IIS to generate the CSR in SHA-256?

    Thanks in advance

    Chris

  • Chris over 9 years
    Hi Jeff, thanks for the update... I've already tried the search you suggested but got lots of conflicting answers so was hoping someone might have managed to do this and have a definitive guide?