Warning: This post contains some things that are most definitely not "best practice".

The specific bits & pieces that particular care and attention should be paid to are called out in the post itself.

Creating your own certificates for development/test environments - Part 2

Part 1 covered creating a Root Certificate and adding it to the Local Machine trusted store, as two discrete steps. That leaves the remaining two steps for this part:

  1. Creating a certificate for the host(s) that you wish to create HTTPS bindings for
  2. Installing the certificate into IIS and creating bindings

To make it simpler in this part, I'm going to run everything in an administrative (i.e. elevated) command prompt so that certificates can be loaded/saved directly to the Local Machine store by "makecert". This is something that could have been done in part 1 to bypass the need to export from the Current User certificate store and import into the Local Machine store, but the ins and outs of getting the Certificate stores for the Local Machine on screen are useful to document.

Creating a certificate for the host(s)

I'm going to create a wildcard certificate for *.robertwray.local as this is the domain I use for testing:

PATH_TO_MAKECERT\makecert.exe -n "CN=*.robertwray.local" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "robertwray.co.uk Dev & Test Root CA" -is Root -ir LocalMachine -a sha256 -eku 1.3.6.1.5.5.7.3.1

Once this command is run and a response of "Succeeded" is received in the console, you should be able to see the certificate in the Certificates view for Local Machine. If it's not visible, refresh the view by right-clicking on the "Certificates (Local Computer)" node, choosing "Refresh" and then re-navigating to the Personal > Certificates folder (make sure you do the "Refresh" at the top-level as just doing it on, for example, the "Certificates" folder doesn't always result in newly created certificates being shown).

Installing the certificate into IIS and creating bindings

Once the certificate has been created (and stored in the Local Machine certificate store), the steps to install the certificate into IIS actually become trivial because it will already be available in IIS. You can verify this by:

  1. Loading IIS Manager
  2. Selecting the local machine in the tree view
  3. Double clicking on "Server Certificates" to open the list of certificates available
  4. Looking for the certificate already created

Assuming that the certificate is there, HTTPS bindings can then be created in the same way as they would be for a certificate obtained from a real Certificate Authority.
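The same verification and binding can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original post: it checks that the certificate in the Local Machine store has a private key, carries the Server Authentication EKU and chains to the dev root before binding it. The site name "Default Web Site", the host name "dev.robertwray.local", and IIS 8 or later (for SNI) are assumptions.

```powershell
# Added example, not from the original post. Run elevated.
# Assumptions: site name, host name, IIS 8+ (SslFlags 1 = SNI).
Import-Module WebAdministration

$subject       = 'CN=*.robertwray.local'
$issuerName    = 'CN=robertwray.co.uk Dev & Test Root CA'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'        # same OID passed to makecert -eku
$siteName      = 'Default Web Site'         # assumption
$hostName      = 'dev.robertwray.local'     # assumption

# Pick the newest matching certificate from Local Machine > Personal.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject -and $_.Issuer.Contains($issuerName) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No '$subject' certificate from '$issuerName' in LocalMachine\My" }

# IIS cannot serve HTTPS with a certificate that has no private key.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key' }

# The certificate should be limited to Server Authentication.
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains $serverAuthOid) {
    throw 'Certificate lacks the Server Authentication EKU'
}

# Build the chain; revocation is skipped on the assumption that the
# dev root publishes no CRL.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    throw 'Chain does not build to a trusted root'
}
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if (-not $root.Subject.Contains($issuerName)) {
    throw "Chain ends at unexpected root: $($root.Subject)"
}

# Create the HTTPS binding if it is missing and attach the certificate.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName -SslFlags 1
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}
"Bound $($cert.Thumbprint) (expires $($cert.NotAfter.ToString('yyyy-MM-dd'))) to https://$hostName"
```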

About Rob

I've been interested in computing since the day my Dad purchased his first business PC (an Amstrad PC 1640 for anyone interested) which introduced me to MS-DOS batch programming and BASIC.

My skillset has matured somewhat since then, which you'll probably see from the posts here. You can read a bit more about me on the about page of the site, or check out some of the other posts on my areas of interest.
