How do I create a self signed certificate for IIS?

IIS Windows

Download and install the win32 distribution of OpenSSL from Shining Light Productions here

Follow the installation instructions and install OpenSSL accepting the defaults.

The default installation path is C:\OpenSSL

Add C:\OpenSSL\bin to your system path (Control Panel, System, Advanced, Environment Variables, System Variables)

By default, the installation references C:\OpenSSL\bin\openssl.cnf via an environment variable created during installation, called OPENSSL_CONF but this mini-howto uses a custom openssl.conf placed in C:\OpenSSL

Download this openssl.conf (this is a zip, you will need to extract it) and place it in C:\OpenSSL.

Note: All commands to be typed at the prompt are highlighted

like this.

Create working directories:

C:\OpenSSL> md keys
C:\OpenSSL> md certs
C:\OpenSSL> md requests

Create an empty file called database.txt – this will maintain a list of all certs you create.

C:\OpenSSL> copy con database.txt

Create a file called serial.txt with 01 as the content (this will maintain a count of certs created)

C:\OpenSSL> copy con serial.txt

Set up a Certificate Authority (CA)

Note: All the following commands are run from C:\OpenSSL

openssl genrsa -des3 -out keys/ca.key 1024

Next, create a master certificate based on this key, to use when signing certificates:

openssl req -config openssl.conf -new -x509 -days 999 -key keys/ca.key -out certs/ca.cer

This will create a CA certificate valid for 999 days, and store it as C:\OpenSSL\certsca.cer

Convert the certificate for use with iis:

openssl x509 -in certs/ca.cer -outform DER -out certs/ca.der

See Microsoft Article ID :228821 for details on how to create a certificate request in iis.
Save the generated certificate request in C:\OpenSSL\requestscertreq.txt

Sign the certificate request:

openssl ca -policy policy_anything -config openssl.conf -cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key -days 360 -out certs/iis.cer

Install the new certificate into IIS following the instructions given in Microsoft Article ID :228836 Installing a New Certificate with Certificate Wizard for Use in SSL/TLS