I had to create a self signed certificate to run on an exchange web access site.
After looking around I have found the following Microsoft tool
selfSSL7.exe (it is for IIS7, there is an selfSSL for IIS 6).
Ref: http://blogs.iis.net/thomad/archive/2010/04/16/setting-up-ssl-made-easy.aspx
This tool allows you create a certificate for a specified common name, something the GUI in IIS7 does not allow you to do (as it adds the server name).
I had issue running it on the server where IIS was installed, it kept moaning about .net framework issue. I was nervous about messing about on the server with .net so I put selfSSL7.exe on to another IIS7 server.
The command I ran was this, it was for blinkdinkyowa.blinkydinky.net (an example name), with a Key of length 2048, valid for 365 days. It is also exported the file to a pfx file, which would allow me to import to the correct server.
selfssl7 /N cn=blinkdinkowa.blinkydinky.net /K 2048 /V 365 /X /F .\blinkdinkowa.blinkydinky.net .pfx /W <password>
So on the correct server I opened IIS, clicked on the server, and open server certificates. Right clicked and imported the pfx file.
In addition I opened an mmc, with the certificates snap in and imported the certificate into the Trusted Root Certification Authorities. This just allows the server to trust the certificate.
I then jumped into the website bindings in IIS7, and set the https binding to use the new certificate.
No comments:
Post a Comment