This post is going to contain some basic information about the creation and management of Self-Signed Certificates and IIS. It is actually in anticipation of another post which I plan to publish next about the creation of such a certificate for development purposes.
I will presume you have IIS Manager 7 installed on your machine.
If you don’t, go ahead and install it.
Server-side Certificate Installation
To create a Self-Signed Certificate using IIS, execute the following steps:
- With IIS Manager open, click on the top-most node in the treeview which represents the root server
- In the IIS section of the right-hand pane, double-click on the Server Certificates icon
- In the far-right column, which has a heading Actions, click the link which says Create Self-Signed Certificate…
- Give your certificate a name as depicted below and follow the rest of the wizard.
You will see that your new certificate has been added on your IIS instance. Note how it has a Certificate Hash. We will use that below.
Exporting the Certificate
Now that we have done the server-side stuff for our certificate, it is time to install it on a machine (the client-side stuff). The first thing we need to do is export the new certificate to a pfx file, which we will then import into our local certificate store.
- Right-click on the new certificate in the list and select Export from the context menu
- Give the exported certificate a name with a pfx file extension
- Enter and confirm a password for the certificate
- Click OK and the export will be complete.
Client-side Certificate Installation
The best way to manage certificates on your machine is by way of the Certificate Manager. You can open this by clicking the Start Menu and typing certmgr.msc. When the start menu has filtered itself down to 1 item (the Certificate Manager), push the enter button.
Next up, we will add the certificate to the Trusted Root Certification Authorities store. To do that, follow these steps:
- Expand the tree node labelled Trusted Root Certification Authorities in the left-hand pane
- Right click on the Certificates node which is exposed by virtue of step 1
- Select All Tasks > Import from the context menu
- Follow the wizard, selecting the pfx file which you created above.
You should be able to find your certificate easily enough after the import. There is a find dialogue in the Certificate Manager. Or another way of finding it quickly is ordering the items in the Trusted Root Certification Authorities > Certificate window by the Friendly Name column, which is the one that contains the name we gave it earlier.
We can now take a look at that certificate – double click on it in Certificate Manager. Navigate to the Details tab, scroll down to the Thumbprint property and there you will see that same hash that we observed in IIS when we first created it.
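To make the same thumbprint comparison from PowerShell rather than by eye, the following added example (not part of the original post) looks the certificate up in the store that certmgr.msc manages and reports whether it is self-signed, expired, and whether the private key from the pfx file was imported with it. The function name and the thumbprint placeholder are assumptions; paste the Certificate Hash shown in IIS Manager.

```powershell
# Added example: confirm that the certificate imported into Trusted Root
# is the one IIS created, by matching on the thumbprint (Certificate Hash).

function Test-ImportedRootCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        # certmgr.msc manages the current user's stores
        [string] $StorePath = 'Cert:\CurrentUser\Root'
    )

    # The Details tab shows the hash with spaces, and a copied value can
    # carry other non-hex characters, so normalise before comparing.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($wanted.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($wanted.Length) hex characters."
    }

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $wanted }

    if (-not $cert) {
        Write-Warning "No certificate with thumbprint $wanted in $StorePath"
        return
    }

    [pscustomobject]@{
        FriendlyName  = $cert.FriendlyName
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        # Self-signed: the certificate names itself as its issuer
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        NotAfter      = $cert.NotAfter
        Expired       = ($cert.NotAfter -lt (Get-Date))
        # True means the pfx import placed the private key on this client
        HasPrivateKey = $cert.HasPrivateKey
    }
}

# Placeholder value: replace with the hash from IIS Manager before running.
Test-ImportedRootCertificate -Thumbprint '<thumbprint from IIS Manager>'
```

A result with HasPrivateKey set to True shows that the client now holds the server's private key as well as its public certificate, which matters if the pfx file is ever copied to machines other than your own development box.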
Use the Certificate
To implement SSL in your website, you need to add an SSL binding for that site. To do that, follow these steps:
- Click on the website in IIS (mine is called CertTester)
- Stop the website
- In the Actions column on the far right, click the Bindings link
- Click the Add button
- Choose https from the top combobox
- Choose your certificate in the bottom combobox and click OK
- Start your website
You can now browse to that website by clicking the Browse *:443 (https) link in the
You will see something wildly unsatisfying like the following IE screenshot:
And here is the Chrome equivalent:
You can then click:
- Continue to this website (not recommended) (IE)
- Proceed anyway (Chrome)
to continue through to the page content.
My next post will show you how to create a better Self-Signed Certificate for development purposes which results in no browser warning when you load the https address (for IE and Chrome only).