Generate Machine Key Iis 6

IIS 8.0 supports managing both ASP.NET 3.5 and ASP.NET 4.5 applications using both the graphical IIS Manager tool as well as IIS' command-line management tools. Both graphical and command line IIS management tools operate in a version-specific manner when reading or writing configuration information for ASP.NET applications.

  1. Generate Machine Key From Iis
  2. How To Generate Machine Key In Iis
  3. Generate Machine Key Iis
  4. Generate Machine Key Iis
  • Jul 06, 2011 Generate Machine Key in IIS7. Let’s see the example on how to generate machine key for web site. Open your IIS Manager from Administrative tool- Internet Information Services Manager. In Connection pane on left side of window, click on the website. Double click on Machine Key icon as shown below.
  • Searching for 'validationkey' in the machine.config, machine.config.comments, and machine.config.default returns nothing. I have entered the above validation key (different one of course) right below the entry in the machine.config and reset IIS. The users are still experiencing the same problem as before which is.
-->

The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use. This works fine for applications that are deployed on a single server. When you use webfarms a client request can land on any one of the servers in the webfarm. Hence you will have to hardcode the validationKey and the decryptionKey on all your servers in the farm with a manually generated key.

There are a lot of articles that describe how to use RNGCryptoServiceProvider to generate a random key. There are also a lot of online tools that generate random keys for you. But I would suggest writing your own script because any one who has access to these keys can do evil things like tamper your forms authentication cookie or viewstate.

With IIS 7 you no longer have to do this manually. The IIS 7.0 manager has a built in feature that you can use to generate these keys.

It uses RNGCryptoServiceProvider internally to create a random key. The value is stored locally in the web.config of that application something like

<?xml version='1.0' encoding='UTF-8'?>
<configuration>
<system.web>
<machineKey decryptionKey='F6722806843145965513817CEBDECBB1F94808E4A6C0B2F2,IsolateApps' validationKey='C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45,IsolateApps' />
</system.web>
</configuration>

You can copy it and paste it in the web.config file of all the servers in the webfarm.

You can also use Microsoft IIS to generate a Private Key and CSR.

How to generate a CSR in Microsoft IIS 7

1. Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
2. Click on the server name.
3. From the center menu, double-click the 'Server Certificates' button in the 'Security' section (it is near the bottom of the menu).

4. Next, from the 'Actions' menu (on the right), click on 'Create Certificate Request.' This will open the Request Certificate wizard.

5. In the 'Distinguished Name Properties' window, enter the information as follows:

  1. Common Name - The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com).
  2. Organization - The legally registered name of your organization/company.
  3. Organizational unit - The name of your department within the organization (frequently this entry will be listed as 'IT,' 'Web Security,' or is simply left blank).
  4. City/locality - The city in which your organization is located.
  5. State/province - The state in which your organization is located.

6. Click Next.
7. In the 'Cryptographic Service Provider Properties' window, leave both settings at their defaults (Microsoft RSA SChannel and 2048) and then click next.

8. Enter a filename for your CSR file.

/generate-public-key-from-certificate.html. Be very careful with this file, as it contains both the public and private key for this certificate so you obviously want to keep it safe. Right click and export it, and make sure that you export the private key with it. The wizard should ask you to password protect the file.You can now take this exported certificate, with its private key, to any other server you like. You can see that you have a corresponding private key for this certificate because it has a little key on its icon. Assuming the Certificate Authority grants your request, the signed response that you get back from the CA will be bound with your private key at the time that you complete the certificate request.Once you've completed the certificate request, open an MMC console and add the Certificates snapin and locate the certificate that you just received.

9. Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted

2. Back Up Private Key

To backup a private key on Microsoft IIS 6.0 follow these instructions:

1. From your server, go to Start > Run and enter mmc in the text box. Click on the OK button.
2. From the Microsoft Management Console (MMC) menu bar, select Console > Add/Remove Snap-in.
3. Click on the Add button. Select Certificates from the list of snap-ins and then click on the Add button.

Generate Machine Key From Iis

4. Select the Computer account option. Click on the Next button.

5. Select the Local computer (the computer this console is running on) option. Click on the Finish button.
6. Click on the Close button on the snap-in list window. Click on the OK button on the Add/Remove Snap-in window.
7. Click on Certificates from the left pane. Look for a folder called REQUEST or 'Certificate Enrollment Request> Certificates

8. Select the private key that you wish to backup. Right click on the file and choose > All Tasks > Export

9. The certificate export wizard will start, please click Next to continue. In the next window select Yes, export the private key and click Next

10. Leave the default settings selected and click Next.

Generate machine key in iis

How To Generate Machine Key In Iis

11. Set a password on the private key backup file and click Next
12. Click on Browse and select a location where you want to save the private key Backup file to and then click Next to continue. By default the file will be saved with a .pfx extension.
13. Click Finish, to complete the export process

3. Convert to RSA Private Key Format

Generate Machine Key Iis

The private key is backed up as a ‘.pfx’ file, which stands for Personal Information Exchange.

To convert it to RSA Private Key format supported by inSync:

1. Download and install latest version of OpenSSL for windows from http://www.slproweb.com/products/Win32OpenSSL.html.

Note: OpenSSL requires Visual C++ 2008 Redistributables which can be downloaded from the same website.

2. Open command prompt, navigate to C:OpenSSL-Win32bin>, and run the following commands.

3. The private key will be saved as ‘myserver.key’.

Generate Machine Key Iis

4. Carefully protect the private key. Be sure to backup the private key, as there is no means to recover it, should it be lost.