Creating Self-Signed Certificates with SelfSSL


SelfSSL is a handy tool for generating self-signed certificates with a custom common name. This is particularly useful for websites in development and test environments.

Environment

  • Windows 7 Professional/Windows 2008 / 2008 R2 Server operating system
  • IIS 7

Here are the steps for downloading, generating and binding a self-signed certificate:

  1. Download the SelfSSL tool from here.
  2. Extract the zip file to a location on your local drive
  3. Start > Accessories
    Right click Command Prompt and select Run as administrator
  4. Change to the location where SelfSSL was extracted, e.g. assuming it was extracted to the learn\ssl directory:
    cd c:\learn\ssl
  5. To find out how to use the tool, type:
    >SelfSSL7 /?
  6. Let’s create a certificate for our localhost, with a 2048-bit key and a 3-year expiry, and add it to the user’s Trusted Certificates list:
    >SelfSSL7 /N cn=localhost /K 2048 /V 1095 /T

Parameters:

/N name Specifies the common name(s) of the certificate.
/K size Specifies the key length. Default is 1024.
/V days Specifies the validity of the certificate in days.  Default is 30 days.
/T Adds the self-signed certificate to user’s “Trusted Certificates” list.

Hence the following command generates a self-signed certificate for localhost with a key strength of 2048 bits and an expiry of 1095 days, or 3 years (i.e. 365×3):

>SelfSSL7 /N cn=localhost /K 2048 /V 1095 /T

Confirm Generation of Certificate

We can confirm the certificate using the MMC (Microsoft Management Console) and the IIS Manager console. Let’s start with the MMC:

  1. Click Start
  2. Type mmc and hit Enter
  3. File > Add/Remove Snap-in…
  4. Click on Certificates > Add
  5. Computer Account > Local Computer > Finish > OK
  6. Expand Console Root > Certificates (Local Computer) > Personal > Certificates
  7. You should find the certificate you have just created
  8. Right click the certificate name and select Properties
  9. Prefix an asterisk to the Friendly Name, i.e. *localhost (so we can change the host name when binding https in IIS Manager)

Now, let’s open up the IIS Manager

  1. Click on the topmost level, i.e. the globe and server icon
  2. On the right pane, double click Server Certificates
  3. You should see the certificate you have just created in there too

Create an HTTPS Binding for a website

  1. Click the website to which you wish to add the binding
  2. On the rightmost pane, click Bindings…
  3. Add > https
    IP Address: All Unassigned
    Port: 443 (or another port if this one is already used)
    SSL Certificate: select the certificate you just created, i.e. *localhost
  4. Enter host name: localhost
  5. On the rightmost pane, click Browse localhost on *:443 (https)
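
The MMC and IIS Manager checks above can also be scripted. The following PowerShell is an added example, not part of the original post: it confirms that the certificate in the local computer's Personal store matches the /N and /K values used earlier, and reports whether it is trusted and bound. It assumes an elevated PowerShell prompt and that /T places the certificate in one of the Trusted Root stores.

```powershell
# Added example: values mirror  SelfSSL7 /N cn=localhost /K 2048 /V 1095 /T
$subject    = 'CN=localhost'   # from /N
$minKeyBits = 2048             # from /K (the tool's default is only 1024)

# Personal store of the local computer, the same store browsed in the MMC steps.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject })

# Assumption: /T copies the certificate into a Trusted Root store
# (the page does not say which one, so both are searched).
$trusted = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    ForEach-Object { $_.Thumbprint })

# Current HTTP.SYS SSL bindings; the "Certificate Hash" lines carry thumbprints.
$bindings = netsh http show sslcert

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject $subject in LocalMachine\My"
}

foreach ($cert in $certs) {
    $id   = $cert.Thumbprint
    $bits = $cert.PublicKey.Key.KeySize
    $days = [int][math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays)

    # Flag the conditions that make the certificate unsuitable for the binding.
    if ($bits -lt $minKeyBits)         { Write-Warning "${id}: key is only $bits bits" }
    if (-not $cert.HasPrivateKey)      { Write-Warning "${id}: no private key, unusable for an https binding" }
    if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "${id}: expired on $($cert.NotAfter)" }

    New-Object PSObject -Property @{
        Thumbprint    = $id
        FriendlyName  = $cert.FriendlyName
        KeyBits       = $bits
        ValidityDays  = $days            # compare with the /V value (1095)
        NotAfter      = $cert.NotAfter
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        InTrustedRoot = ($trusted -contains $id)
        BoundInHttp   = [bool]($bindings | Select-String -Pattern $id -SimpleMatch)
    } | Select-Object Thumbprint, FriendlyName, KeyBits, ValidityDays,
                      NotAfter, SelfSigned, InTrustedRoot, BoundInHttp
}
```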

That’s all there is to it. You can now create as many self-signed certificates as you want for use in development and testing environments.
