Sign In / Sign Out
- ASU Home
- My ASU
- Colleges & Schools
- Map & Locations
In a lot of instances, it is not cost effective to get CA signed certificates from commercial providers such as GoDaddy or VeriSign for test or staging servers. In this blog post I will show you how to generate self-signed ssl certificates using IIS Manger and an additional third party tool called SelfSSL7.
Generating a self-signed ssl certificate using IIS Manager (for IIS 7 and IIS 7.5) is trivially easy. Open the IIS Manager on your server click on your site. Click on Server Certificates.
Inside the Server Certificates section, in the Actions pane on the right, click on Create Self Signed Certificate. Enter in your details and you are done. The new cert will now show up in your list of server certificates and you can now bind this certificate to a site.
This process gives you minimal control over your certificate. You cannot alter the expiration dates, choose alternate common names, or control the certificate key length. We faced this issue when we were doing an install on a staging server and needed to create a self-signed cert with a different common name.
Enter SelfSSL7 to the mix. This is an invaluable tool that allows you complete control over self-signed certificate generation. This was a tool that was part of the IIS toolkit for IIS6 and was updated for IIS7. SelfSSL is a command line tool and is available here.
SelfSSL allows you to:
Example configuration code:
SelfSSL7.exe /Q /T /I "Default Web SIte" /n cn=yourSite.asu.edu /K 2048 /V 365
/Q – overwrite existing IIS ssl site bindings.
/T – add the cert to the windows cert store.
/I – Create an IIS site binding
Cn = common name(s). You can have multiple names here.
/K – key length
/V – expiration time