
Steps to Create a Self Signed Security (SSL) Certificate and Deploy it to Client Machines.

Developers and IT administrators will, no doubt, need to deploy a website over HTTPS using an SSL certificate. While this process is pretty straightforward for a production site, you may find the need to use an SSL certificate for development and testing as well.
As an alternative to purchasing and renewing a yearly certificate, you can leverage your Windows Server’s ability to generate a self signed certificate, which is convenient, easy and should meet these types of needs perfectly.

Creating a Self Signed Certificate on IIS

While there are several ways to accomplish the task of creating a self signed certificate, we will use the SelfSSL utility from Microsoft. Unfortunately, this doesn’t ship with IIS but it is freely available as part of the IIS 6.0 Resource Toolkit (link provided at the bottom of this article). Despite the name “IIS 6.0” this utility works just fine in IIS 7.
All that is required is to extract the IIS6RT to get the selfssl.exe utility. From here you can copy it to your Windows directory or a network path/USB drive for future use on another machine (so you don’t have to download and extract the full IIS6RT).
Once you have the SelfSSL utility in place, run the following command (as the Administrator) replacing the values in <> as appropriate:
selfssl /N:CN=<your.domain.com> /V:<number of valid days>
The example below produces a self signed wildcard certificate against “mydomain.com” and sets it to be valid for 9,999 days. Additionally, by answering yes to the prompt, this certificate is automatically configured to bind to port 443 inside the Default Web Site of IIS.
While the certificate is ready to use at this point, it is stored only in the personal certificate store on the server. It is a best practice to also add this certificate to the trusted root store.

Import a Trusted Root Certification Authority In Windows 7/Vista/XP.

1. Start Microsoft Management Console (MMC) Tool

Click Start -> Run -> Enter 'MMC' and click 'OK'

2. Click File -> Add/Remove Snap-In...

3. Add Certificate.

Select 'Certificates' in the left panel and click 'Add' to move it to the right panel, then click 'OK'

4. Select 'Computer Account' option and click 'Next'
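A scripted counterpart to the trusted root import described above, as an added example that is not part of the original post: it refuses to trust the certificate unless its thumbprint matches one obtained from the server out-of-band. The parameter names `$CerPath` and `$ExpectedThumbprint` are assumptions, and the .cer file is assumed to be the server certificate exported without its private key.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# $CerPath and $ExpectedThumbprint are hypothetical parameter names supplied by the operator.
param(
    [Parameter(Mandatory = $true)][string]$CerPath,            # public certificate (.cer), no private key
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint  # thumbprint read on the server, sent out-of-band
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$full = (Resolve-Path $CerPath).Path   # .NET does not follow the PowerShell location
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $full

# 1. Pin the certificate: a trusted root vouches for every site it signs,
#    so only the exact certificate generated on the server may be added.
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $want) {
    throw "Thumbprint mismatch: file contains $($cert.Thumbprint)"
}

# 2. Sanity checks before trusting it machine-wide.
if ($cert.Subject -ne $cert.Issuer) { throw 'Not self signed: subject and issuer differ.' }
if ($cert.HasPrivateKey)            { throw 'File carries a private key; clients need the public part only.' }
if ($cert.NotAfter -lt (Get-Date))  { throw "Certificate expired on $($cert.NotAfter)." }

# 3. Add to the computer account's Trusted Root Certification Authorities store.
$store = New-Object "$x509.X509Store" -ArgumentList 'Root', ([System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $present) { $store.Add($cert) }
} finally {
    $store.Close()
}

# 4. Report what is now trusted, including the validity period in days
#    (a 9,999-day certificate stays trusted until it is removed by hand).
New-Object PSObject -Property @{
    Subject        = $cert.Subject
    Thumbprint     = $cert.Thumbprint
    NotAfter       = $cert.NotAfter
    ValidityDays   = [int]($cert.NotAfter - $cert.NotBefore).TotalDays
    AlreadyPresent = [bool]$present
}
```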

GUIDE TO MIGRATE ACTIVE DIRECTORY CERTIFICATE SERVICE FROM WINDOWS SERVER 2003 TO WINDOWS SERVER 2012 R2.


Microsoft has already announced that support for Windows Server 2003 / Windows Server 2003 R2 is coming to an end on 14th July 2015 (http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=Microsoft+Windows+Server+2003&Filter=FilterNO). It’s no wonder that some organizations still use Windows Server 2003 versions in production environments.


If you have not yet planned your migration from legacy Windows Server versions, well, the time has come!
This guide will explain how we can migrate AD CS from Windows Server 2003 to Windows Server 2012 R2.
In this demonstration I am using the following setup.
| Server Name | Operating System | Server Roles |
|---|---|---|
| canitpro-casrv.canitpro.local | Windows Server 2003 R2 Enterprise x86 | AD CS ( Enterprise Certificate Authority ) |
| CANITPRO-DC2K12.canitpro.local | Windows Server 2012 R2 x64 | - |

Back up the Windows Server 2003 certificate authority database and its configuration
•    Log in to the Windows 2003 Server as a member of the local administrators group
•    Go to Start > Administrative Tools > Certificate Authority
•    Right click on the Server Node > All Tasks > Backup CA
•    This opens the “Certification Authority Backup Wizard”; click “Next” to continue
•    In the next window, click on the check boxes to select the options as highlighted and click on “Browse” to provide the path where the backup file will be saved. Then click on “Next” to continue
 
