GTKC Knowledgebase
A little bit of wisdom
How do I create a self signed certificate for IIS?
Posted by  Admin on


Download and install the win32 distribution of OpenSSL from Shining Light Productions here

Follow the installation instructions and install OpenSSL accepting the defaults.

The default installation path is C:\OpenSSL

Add C:\OpenSSL\bin to your system path (Control Panel, System, Advanced, Environment Variables, System Variables)

By default, the installation references C:\OpenSSL\bin\openssl.cnf via an environment variable called OPENSSL_CONF, which is created during installation. This mini-howto instead uses a custom openssl.conf placed in C:\OpenSSL.

Download this openssl.conf (this is a zip, you will need to extract it) and place it in C:\OpenSSL.

Note: All commands to be typed at the prompt are highlighted like this.


Create working directories:
C:\OpenSSL> md keys
C:\OpenSSL> md certs
C:\OpenSSL> md requests

Create an empty file called database.txt - this will maintain a list of all certs you create.
C:\OpenSSL> copy con database.txt
^Z
C:\OpenSSL>

Create a file called serial.txt with 01 as the content (this will maintain a count of certs created)
C:\OpenSSL> copy con serial.txt
01
^Z
C:\OpenSSL>

Set up a Certificate Authority (CA)

Note: All the following commands are run from C:\OpenSSL
openssl genrsa -des3 -out keys/ca.key 1024

Next, create a master certificate based on this key, to use when signing certificates:
openssl req -config openssl.conf -new -x509 -days 999 -key keys/ca.key -out certs/ca.cer

This will create a CA certificate valid for 999 days, and store it as C:\OpenSSL\certs\ca.cer

Convert the certificate for use with IIS:
openssl x509 -in certs/ca.cer -outform DER -out certs/ca.der

See Microsoft Article ID: 228821 for details on how to create a certificate request in IIS.
Save the generated certificate request in C:\OpenSSL\requests\certreq.txt

Sign the certificate request:
openssl ca -policy policy_anything -config openssl.conf -cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key -days 360 -out certs/iis.cer

Install the new certificate into IIS following the instructions given in Microsoft Article ID: 228836, "Installing a New Certificate with Certificate Wizard for Use in SSL/TLS".
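
Before importing iis.cer into IIS, the files produced by the steps above can be checked with the script below. It is an added example, not part of the original how-to. It assumes PowerShell, openssl on the path, RSA keys, and that it is run from C:\OpenSSL. The 2048-bit minimum and the MD5/SHA-1 check are the editor's thresholds, so the 1024-bit CA key created by the genrsa command above will be reported.

```powershell
# Added example: checks on the files produced by the steps in this how-to.
# Run from C:\OpenSSL with openssl on the path. File names are the ones used above.
$ca       = 'certs/ca.cer'
$cert     = 'certs/iis.cer'
$csr      = 'requests/certreq.txt'
$minBits  = 2048      # assumption: editor's threshold, not taken from the how-to
$problems = @()

# 1. The issued certificate must chain to the CA certificate.
& openssl verify -CAfile $ca $cert
if ($LASTEXITCODE -ne 0) { $problems += "$cert does not verify against $ca" }

# 2. The certificate must carry the public key from the IIS request,
#    otherwise IIS cannot pair it with the pending private key.
$certMod = (& openssl x509 -noout -modulus -in $cert) -join ''
$csrMod  = (& openssl req  -noout -modulus -in $csr)  -join ''
if (-not $certMod -or $certMod -ne $csrMod) {
    $problems += "public key in $cert does not match $csr"
}

# 3. Report key size, signature algorithm and expiry for both certificates.
foreach ($file in $ca, $cert) {
    $text = (& openssl x509 -noout -text -enddate -in $file) -join "`n"
    $bits = if ($text -match 'Public[- ]Key: \((\d+) bit\)') { [int]$Matches[1] } else { 0 }
    $sig  = if ($text -match 'Signature Algorithm: (\S+)')   { $Matches[1] } else { 'unknown' }
    $end  = if ($text -match 'notAfter=(.+)')                { $Matches[1] } else { 'unknown' }
    "{0}: {1}-bit key, {2}, expires {3}" -f $file, $bits, $sig, $end

    if ($bits -lt $minBits)       { $problems += "$file uses a $bits-bit key (minimum $minBits)" }
    if ($sig -match '^(md5|sha1)') { $problems += "$file is signed with $sig" }
}

# Exit non-zero so the script can gate a deployment step.
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
'All checks passed.'
```

A key-size warning for certs/ca.cer is cleared by regenerating the CA key with a larger size in the genrsa step and re-signing; a warning for certs/iis.cer means the request has to be regenerated in IIS with a larger key.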



