
Self Signed Certificates for Testing – Using Makecert.exe in Command Prompt or PowerShell

It is often necessary to use a self-signed certificate when testing a basic development or QA environment. These certificates are not production ready, because client browsers will still raise certificate errors for them. For testing, though, they can be added manually to a user’s local certificate store to prevent the ugly warnings from being displayed.

Creating a certificate directly through IIS (Server node -> Server Certificates -> “Create self-signed certificate”) is not always ideal. After struggling with a few certificates that were created that way, I found that using two simple commands to create both a custom certificate authority for your certificate and the certificate itself yielded much better results, allowing me to continue with whatever configuration or testing I had been performing.

These commands use the “makecert” tool to create the required entities. Detailed information on the use of the tool can be found here. Makecert is usually included as part of Visual Studio as well as with some other Microsoft software, such as SharePoint. In my case, on a machine with SharePoint installed, the tool was found at the following path:

C:\Program Files\Microsoft Office Servers\15.0\Tools\

First, to create your own custom certificate authority, navigate to the directory where makecert.exe is located and run the following command with adjustments for your requirements:

makecert.exe -n "CN=My Company Development Root CA,O=My Company,OU=Development,L=Wallkill,S=NY,C=US" -pe -ss Root -sr LocalMachine -sky exchange -m 120 -a sha1 -len 2048 -r

Once this has been executed, create your self-signed certificate using your required domain details and the above certificate authority:

makecert.exe -n "CN=mysubdomain.mydomain.com" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "My Company Development Root CA" -is Root -ir LocalMachine -a sha1 -eku 1.3.6.1.5.5.7.3.1

Once this has been executed successfully, the new self-signed certificate using your custom CA will be available in IIS – visible under server certificates.
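
A check to run after the two commands, added here as an example and not part of the original post: it reads the issued certificate back from LocalMachine\My and reports whether it chains to the custom CA, carries the server authentication EKU passed with -eku, and which signature hash and key size it ended up with. The function name Test-DevCertificate is hypothetical, and the subject and CA names are the sample values from the commands above.

```powershell
# Added example (not from the original post). Sample names come from the makecert commands above.
$subject  = 'CN=mysubdomain.mydomain.com'
$issuerCn = 'CN=My Company Development Root CA'

function Test-DevCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert,
        [Parameter(Mandatory)] [string] $IssuerCn
    )
    # Build the chain from the Windows stores. Revocation checking is skipped
    # because this development CA publishes no CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Extended key usage: look for the OID that was passed to -eku.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })

    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)

    [pscustomobject]@{
        Thumbprint        = $Cert.Thumbprint
        ChainBuilds       = $chainOk
        ChainStatus       = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        ChainsToDevCa     = $top.Subject.StartsWith($IssuerCn)
        ServerAuthEku     = $serverAuth
        HasPrivateKey     = $Cert.HasPrivateKey   # IIS needs the private key for an HTTPS binding
        SignatureHash     = $Cert.SignatureAlgorithm.FriendlyName   # sha1RSA when issued with -a sha1
        RsaKeyBits        = $rsa.KeySize
        HasSubjectAltName = [bool]($Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' })
        NotAfter          = $Cert.NotAfter
    }
}

# Every certificate in the machine's personal store with the requested subject.
$found = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($found.Count -eq 0) { throw "No certificate with subject '$subject' in LocalMachine\My" }
$found | ForEach-Object { Test-DevCertificate -Cert $_ -IssuerCn $issuerCn } | Format-List
```

Current browsers reject SHA-1 signatures and match host names against the subject alternative name, so a SignatureHash of sha1RSA or HasSubjectAltName of False explains a warning that persists after the CA has been trusted.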
