Create a certificate with SelfSSL.exe

A newer tool is available: SSLDiag.exe

In the IIS 6 Resource Kit, there’s a tool named SelfSSL.exe. With this tool you can create a self-signed certificate without the need for a Certificate Server or a third-party certificate. You can download the Resource Kit here.

After you have installed the Resource Kit, go to the Start menu: Programs >> IIS Resources >> SelfSSL >> SelfSSL

Before running the command you need to know the following:

  • Website ID (Identifier)
  • Common name
  • Valid days

Website ID
You can select the website for which you want to create a certificate. For this, you need to know the ID (Identifier) of the site. To find it, open IIS and select Web Sites; the right-hand pane then shows all websites with their descriptions, host headers, state, IP addresses and Identifiers. The default website is always ID 1.

Common name
A certificate is always validated against the hostname. If the common name and the hostname are the same and you add the certificate to your own trusted root store, you will not get a pop-up saying the certificate is not valid. That’s the reason I use the hostname as the common name.

Valid days
Your certificate is valid for a limited period of time. You can specify the number of days for which the certificate should be valid.

When you have these settings, you can run the command.

For example:

  • website ID = 123456789
  • common name = webmail.domain.com
  • valid = 365 days

selfssl /N:CN=webmail.domain.com /V:365 /S:123456789

After running the command you will be prompted to overwrite the settings on the website. When this is done, you can check your site by opening a web browser and going to the site (or through IIS Manager).

For the complete list of SelfSSL.exe options, type:

selfssl.exe /?

Installs self-signed SSL certificate into IIS.
SELFSSL [/T] [/N:cn] [/K:key size] [/S:site id] [/P:port]
/T Adds the self-signed certificate to “Trusted Certificates”
list. The local browser will trust the self-signed certificate
if this flag is specified.
/N:cn Specifies the common name of the certificate. The computer
name is used if not specified.
/K:key size Specifies the key length. Default is 1024.
/V:validity days Specifies the validity of the certificate. Default is 7 days.
/S:site id Specifies the id of the site. Default is 1 (Default Site).
/P:port Specifies the SSL port. Default is 443.
/Q Quiet mode. You will not be prompted when SSL settings are
overwritten.
The default behaviour is equivalent with:
selfssl.exe /N:CN=LAP4015 /K:1024 /V:7 /S:1 /P:443
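
A check for the certificate this command produces, written as an added PowerShell example (not part of SelfSSL or the original post): it compares the common name with the hostname and flags the short key and validity that the defaults in the help text give. The function names and thresholds are assumptions, and it needs Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example (not from the original post). Test-SelfSslCert, New-SampleCert
# and their parameters are hypothetical; the thresholds are assumed policy values.
function Test-SelfSslCert {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$HostName,
        [int]$MinKeyBits = 2048,
        [int]$MinDaysLeft = 30
    )
    $findings = @()
    # /N sets the common name; it has to equal the hostname in the URL.
    # -ne on strings is case-insensitive, as hostnames are.
    $cn = $Cert.GetNameInfo([X509NameType]::SimpleName, $false)
    if ($cn -ne $HostName) {
        $findings += "CN '$cn' does not match hostname '$HostName'"
    }
    # /K sets the key length; SelfSSL defaults to 1024 bits.
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($null -eq $rsa) {
        $findings += 'certificate has no RSA public key'
    } elseif ($rsa.KeySize -lt $MinKeyBits) {
        $findings += "key is $($rsa.KeySize) bits, below $MinKeyBits"
    }
    # /V sets the validity; SelfSSL defaults to 7 days.
    $daysLeft = [int][math]::Floor(($Cert.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt 0) {
        $findings += 'certificate has expired'
    } elseif ($daysLeft -lt $MinDaysLeft) {
        $findings += "expires in $daysLeft days, inside the $MinDaysLeft-day window"
    }
    $findings
}

# Constructed sample input: throwaway in-memory certificates, never installed.
function New-SampleCert([string]$Cn, [int]$KeyBits, [int]$Days) {
    $key = [RSA]::Create($KeyBits)
    $req = [CertificateRequest]::new("CN=$Cn", $key,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays($Days))
}

# First sample mirrors the defaults from the help text; second mirrors /V:365 with a 2048-bit key.
$default = New-SampleCert -Cn 'LAP4015' -KeyBits 1024 -Days 7
$better  = New-SampleCert -Cn 'webmail.domain.com' -KeyBits 2048 -Days 365
Test-SelfSslCert -Cert $default -HostName 'webmail.domain.com'
Test-SelfSslCert -Cert $better  -HostName 'webmail.domain.com'
```

On the server, pass the certificate that SelfSSL installed in place of the constructed samples.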

Comments

3 comments on “Create a certificate with SelfSSL.exe”

  • thank you very,very,very,very,very,very,very, large…..

    simple as this solution may be. point is: if you don’t know it, you just don’t.

    i’m so grateful for people who have made the world such a small place through the internet. and thanx to people who offer their assistance freely. your input has made an immense difference…

    keep it up….

  • This article is very useful. Thanks for your support. :)

  • How to generate selfsign cert with hostname ?
