Search This Blog

Monday, October 03, 2011

IIS7–Self Signed Server Certificate

I had to create a self signed certificate to run on an exchange web access site.

After looking around I have found the following Microsoft tool

selfSSL7.exe (it  is for IIS7, there is an selfSSL for IIS 6).


This tool allows you create a certificate for a specified common name, something the GUI in IIS7 does not allow you to do (as it adds the server name).

I had issue running it on the server where IIS was installed, it kept moaning about .net framework issue. I was nervous about messing about on the server with .net so I put selfSSL7.exe on to another IIS7 server.

The command I ran was this, it was for (an example name), with a Key of length 2048, valid for 365 days. It is also exported the file to a pfx file, which would allow me to import to the correct server.

selfssl7 /N /K 2048 /V 365 /X /F .\ .pfx /W <password>

So on the correct server I opened IIS, clicked on the server, and open server certificates. Right clicked and imported the pfx file.

In addition I opened an mmc, with the certificates snap in and imported the certificate into the Trusted Root Certification Authorities. This just allows the server to trust the certificate.

I then jumped into the website bindings in IIS7, and set the https binding to use the new certificate.


No comments:

Post a Comment