Manage Learn to apply best practices and optimize your operations.

What is required to deploy Web server application in MS Application Center

In this Ask the Expert Q&A, our application security expert examines whether or not it's possible to exclude X.509 certificates and private keys if you use MS Application Center to deploy a Web server application.

When I use MS Application Center to deploy a Web server application, can I exclude IISÂA;s certificates (X.509) and private keys? I have many Web server applications to deploy with MS Application Center (pages, com+), but I need to protect the private keys.

In the context of Microsoft Application Center 2000, an application is a list of resources that are synchronized within, or deployed to, a cluster. This listing references resources so that more than one application can reference the same resource. Deployment in Application Center is the transfer of content and configuration settings from one cluster, usually a stager, to another (usually the production cluster). This differs from synchronization, which replicates content and configuration settings from the cluster controller to one or more cluster members, ensuring that all synchronized content is identical across the cluster. However, the processes and resources that are used are identical and you can deploy and synchronize content by using the Application Center snap-in.

You cannot explicitly add X.509 certificates to applications by using the Application Center snap-in or the command-line tool. However, they are automatically synchronized or deployed with their associated Web sites if the private key can be exported. Furthermore, the X.509 certificate must be used for server authentication and bound to a name that is valid across the cluster, such as the cluster's shared DNS name. I'm not sure why you do not want to deploy the IIS Web server certificate to the production server, but I would try creating and using a non-exportable certificate so it can't be included in the automatic deployment process.

This was last published in November 2005

Dig Deeper on PKI and digital certificates

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.