Wednesday, March 4, 2009

Creating a self-signed certificate for SSL

In case you want to secure an internal web server with an SSL certificate you normally can get a certificate from your PKI Administrator.

However, if you only want to test something a self-signed certificate will also do the trick. The only drawback: Since it's self-signed, user will get a certificate warning when connecting to the server. For test environment however, this should be okay.

I'm using the MAKECERT.EXE command from Visual Studio for this. The command to create the cert is as follows:

"%ProgramFiles%\Microsoft Visual Studio 8\SDK\v2.0\Bin\makecert" -r -pe -n "CN=my-server.corp.acme.com" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12



@echo.

@echo Now start mmc.exe, add the snap-in "Certificates" and

@echo acceess the certificate store of the local computer.

@echo Below "My certificates" the newly create certifcate will be located!

@echo.



pause


Once this command has completed, open MMC.EXE, add the "Certificates" snap-in, select "Local computer" as the scope and the newly created certificate will be inside the "My certificates" folder.

Enjoy!

No comments:

Post a Comment