Create exportable self signed cert with custom EKUs

Multiple EKUs separated by commas. Creates an unprotected cert in the current user's personal store. Check this page for a list of EKUs.

makecert -n "CN=Blah" -r -eku 1.3.6.1.5.5.7.3.3 -pe -ss My

Disable CRL Checking in IIS 6

from here:

The simplest way to disable the CRL check is by using adsutil.vbs, located in the \inetpub\adminscripts folder. The following command will disable the CRL check for the first web site:

cscript adsutil.vbs SET w3svc/1/CertCheckMode 1
To re-enable CRL checking, do:

cscript adsutil.vbs SET w3svc/1/CertCheckMode 0
 

ISA Internal Server Error

Note to self: ISA HTTP 500 internal server error messages with descriptions that run something like Target Principal Name is Incorrect are usually a result of the name on the certificate of the published server not matching the server's name. For instance, if you publish www.foo.com through ISA, but www.foo.com is configured with a server cert for www.foobar.com (or even www.foo.net), you'll get this error.