Windows 2008 Self Signing Certs (IIS7)
Before binding SSL rules to our new site, we need to first import and setup a security certificate to use with the SSL binding.
- Certificates are managed in IIS 7.0 by clicking the root machine node in the left-hand tree-view explorer, and then selecting the “Server Certificates” icon in the feature pane on the right:
- This will then list all certificates registered on the machine, and allow you to optionally import and/or create new ones.
- I could optionally go to a certificate authority like Verisign and purchase a certificate to import using this admin UI. Alternatively, I can create a “self-signed certificate” which is a test certificate that I can use during the development and testing of my site. To-do this, click the “Create Self-Signed Certificate” link on the right-hand side of the admin tool:
- Enter a name to use for the certificate (for example: “test”) and hit ok. IIS7 will then automatically create a new self-signed crypto certificate for you and register it on the machine:
Self-signed SSL Certificates on IIS7 and Common Names
- Copy SelfSSL.exe to local computer. (Download this file from the Internet.)
- Create the Self-Signed Certificate using the Wizard. (Done above)
- Run this command on the server to change the Site ID (Issued To, Issued By) SelfSSL /N:CN=somename.com /K:1024 /V:365 /S:1 /P:443
- Test new Cert and install the Cert when prompted. (If needed, go to the SitesàSitename, and then click on Bindings and add the https: and associate it with the new Cert.)