Generate Machine Key Iis 8

Posted on  by

The following instructions will guide you through the CSR generation process on Microsoft IIS 8. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below.

Machine Keys IIS 8: ASP. NET uses Machine keys To protect Forms authentication cookie data and page-view state data.The keys are also used to run sessions out-of-process. Although you can set these machine keys at any level, from server level down to file level, by default they are locked at the server and website levels only.

Machine Key.; 4 minutes to read; In this article Applies To: Windows Server 2012 R2, Windows Server 2012. Use the Machine Key feature page to configure hashing and encryption settings used for application services, such as view state, Forms authentication, membership and roles, and anonymous identification. Answering one of the recent question on SO, i encountered this anomaly. This msdn blog suggests using IIS to generate machine key, which looks more secure to me as Microsoft tool being used. However, it seems this feature is only supported until IIS 7 or less. I don't find it on my box IIS 8.5. I checked on IIS 7.5 and its not present there either.

1. Open Internet Information Services (IIS) Manager

Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager.

2. Select the server where you want to generate the certificate

In the left Connections menu, select the server name (host) where you want to generate the request.

3. Navigate to Server Certificates

In the center menu, click the Server Certificates icon under the Security section near the bottom.

4. Select Create a New Certificate

Machine

In the right Actions menu, click Create Certificate Request.

5. Enter your CSR details

In the Distinguished Name Properties window, enter in the required CSR details and then click Next.

Generator.zip

Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article.

6. Select a cryptographic service provider and bit length

In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next.

Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility.

7. Save the CSR

Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish.

8. Generate the Order

Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including:

Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process.

Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles.

After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 8.

Was this article helpful?

Related Articles

-->

Applies To: Windows Server 2012 R2, Windows Server 2012

Use the Machine Key feature page to configure hashing and encryption settings used for application services, such as view state, Forms authentication, membership and roles, and anonymous identification. Machine keys are also used to verify out-of-process session state identification.

Note

If you deploy your application in a web farm, make sure that the configuration files on each server in the web farm have the same value for the validation key and decryption keys, which are used for hashing and decryption respectively. Otherwise, you cannot guarantee which server handles successive requests.

Related scenarios

UI Elements for Machine Key

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

Generate Machine Key Iis 8 1

Feature Page Elements

Generate Machine Key Iis

Element Name

Description

Validation method

2010 microsoft office key generator. Select one of the following options to specify the validation method the machine key uses:

  • AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same private key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

  • MD5 - Message Digest 5 (MD5) is used for digital signing of applications, for example, mail messages. This method produces a 128-bit message digest, which is a compressed form of the original data. MD5 can provide some protection against computer viruses and programs that mimic harmless applications but are destructive.

  • SHA1 – This method is the default setting. SHA1 is considered to be more secure than MD5 because it produces a 160-bit message digest. Use SHA1 encryption whenever possible.

  • TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of Data Encryption Standard (DES). It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

  • HMACSHA256 - Hash-based Message Authentication Code (HMAC) mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. The output hash is 256 bits in length.

  • HMACSHA384 - Hash-based Message Authentication Code (HMAC) with an output has that is 384 bits long.

  • HMACSHA512 - Hash-based Message Authentication Code (HMAC) with an output has that is 512 bits long.

Encryption method

Select one of the following options to specify the encryption method the machine key uses:

  • Auto – This method is the default setting. Auto works with whichever encryption method you specified.

  • AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same private key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

  • TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of DES. It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

  • DES - Data Encryption Standard (DES) uses a 56-bit key to both encrypt and decrypt data. If your server, site, or application does not require the strongest security, consider using DES.

Validation key

Computes a Message Authentication Code (MAC) to confirm the integrity of the data. This key is appended to either the Forms authentication cookie or the view state for a specific page.

Select one of the following options to specify how the validation key is generated:

  • Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

  • Generate a unique key for each application: Isolates applications from one another by generating a unique key for each application based on the application ID of each application. If your application is deployed in a web farm, duplicate your application's key across all servers in the farm.

Decryption key

Used to encrypt and decrypt Forms authentication tickets and view state.

Select one of the following options to specify how the decryption key is generated:

  • Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

  • Generate a unique key for each application: Isolates applications from one another by generating a unique key for each application based on the application ID of each application. If your application is deployed in a web farm, duplicate your application's key across all servers in the farm.

Generate Machine Key Iis 8 Download

Actions Pane Elements

Machine Key Stock

Element Name

Description

Apply

Saves the changes that you have made on the feature page.

Cancel

Cancels the changes that you have made on the feature page.

Generate Keys

Generates a validation key and a decryption key in the corresponding boxes on the feature page.