Create a self signed SSL Certificate

 The steps below ouline how to create a self signed cert for use on your local development machine.  This will allow you to run local sites under HTTPS for testing purposes.

1.       Bring up a Visual Studio Command Prompt:  “All Programs>Microsoft Visual Studio 2008>Visual Studio Tools>Visual Studio 2008 Command Prompt” (substitute "Visual Studio 2010" where appropriate if using Visual Studio 2010).

2.       Execute the “makecert” command for your machine.  For this example the fully qualified host name, “yourdomain.com
 
”, is used as the certificate name:
makecert -r -pe -n "CN=yourdomain.com" -b 01/01/2008 -e 01/01/2050 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 yourdomain.com.cer

3.       Use the IIS Web Server Certificate Wizard by right clicking on the web site where you want to install the certificate.

4.       Steps to add the Certificate to the the website:

1.       Right click the the website.

2.       Select “Properties”.

3.       Select the “Directory Security” tab.

4.       Select “Server Certificate”  from the “Secure communications” section of the tab.

5.       Click “Next” on the intro to the Web Server Certificate Wizard.

6.       Check “Assign an existing certificate” and click “Next”.

7.       Select the certificate name you just created with “makecert” above and click “next”.

8.       Specify the SSL port.

9.       Review your selections and click “next”.

10.   Click “Finish” to end the wizard.


Client Certificate Installation

In order to use SSL without the warning/error messages that IE will display by default when the server’s SSL certificate has not been issued by a recognized Certificate Authority (such as Verisign, etc.); you will need to add the certificate created by makecert into the “Trusted Root Certification Authorities” store of your Local Computer.

The steps to do this are as follows:

1.      Open up mmc (type “mmc” at the run or command prompt).

2.       Select “File>Add Remove Snap-In…”

3.       Select “Certificates” from the “Available snap-ins” and click “Add”.

4.       Select the “Computer Account” radio button.

5.       Select “Local Computer”, then “Finish”, then “OK”.

6.       Open up the “Certificates>Trusted Root Certification Authorities>Certificates” branch.

7.       Right click on “Certificates” and select “All Tasks>Import…”

8.       Click “Next”

9.       Browse to the certificate file created by “makecert” and “open”.

10.   Click “Next”

11.   Click “Finish”

 

Comments are closed