Creating Self-Signed Certificate For Development Purposes

First I'll demonstrate how to:

  • Create a self-signed certificate
  • Import the certificate into IIS
  • Use the certificate in a website
  • Add the certificate to the Trusted Root Certification Authorities

MakeCert Utility

IIS can easily create a self-signed certificate, but it gives no option to specify a Common Name (CN); instead it uses the FQDN of the machine creating the certificate. That certificate can be used for development, but it'll throw a “Certificate Mismatched” error if the URL is not the same as the FQDN.

To specify a Common Name (CN), we can use Visual Studio's command-line utility makecert.exe. With this utility we can even create a wildcard certificate. The following is the procedure to create a certificate, import it into IIS and then use it in our site.

  1. Create a Root Certificate from the Visual Studio Command Prompt as in the following:

    makecert -n "CN=SPVM Development Root CA,O=SPVM,OU=Development,L=KL,S=KL,C=MY" -r -sv SPVMRootCA.pvk SPVMRootCA.cer

    It'll prompt for a password for the private key; provide a password and click OK.
  2. Create the certificate file from the Visual Studio Command Prompt as in the following:

    makecert -n "CN=guest.sp2013vm.com" -ic SPVMRootCA.cer -iv SPVMRootCA.pvk -a sha1 -sky exchange -pe -sv GuestCA.pvk GuestCA.cer

    Or, for a wildcard certificate:

    makecert -n "CN=*.sp2013vm.com" -ic SPVMRootCA.cer -iv SPVMRootCA.pvk -a sha1 -sky exchange -pe -sv GuestCA.pvk GuestCA.cer

    It'll prompt for the password of the issuer (root certificate) and then for a new password for the child certificate.
  3. Create a pfx file from the pvk file as in the following:

    pvk2pfx -pvk GuestCA.pvk -spc GuestCA.cer -pfx GuestCA.pfx -pi <password>

Importing Certificate into IIS

Use the following procedure to import the certificate into IIS:

  1. Start IIS.
  2. Select the server name from the left and then double-click Server Certificates in the middle pane.
  3. Click on the Import button on the Actions menu at the right; an Import Certificate dialog box will be opened.
  4. Click on the … button to import the certificate; a select file dialog box will be opened.
  5. Select the GuestCA.pfx file generated previously.
  6. Type the password used during GuestCA.pfx creation and then click OK.
  7. Your certificate will appear in Server Certificates.



Bind the Certificate with Site


When you create an https site, a certificate must always be associated with that site; otherwise the site will not work and it'll throw an error.

Create a binding for the site and select the imported certificate as in the following:

  1. Select the site from the left pane.
  2. Click on Bindings; the Site Bindings dialog box will be opened.
  3. Select https from the list and then click on the Edit button.
  4. Select the GuestCA.pfx from the dropdown and then click the OK button.
  5. Then click the OK button on the Site Bindings dialog box.
  6. The certificate is added to your site.



Add the certificate into Trusted Root Certification Authorities


Open the site in Internet Explorer, click on the certificate, and install it in the “Trusted Root Certification Authorities” folder. This step is required to resolve the error displayed in the browser's address bar. If you are using web services, this error will also stop them from working properly.

  1. Open the site in Internet Explorer; you will see a certificate error in the address bar.
  2. Click on the certificate error; the certificate dialog box will be opened.
  3. Click on the Install Certificate button; the Certificate Import Wizard will be opened.
  4. Browse the certificate stores, select Trusted Root Certification Authorities and click OK.
  5. Click Next and OK.
  6. Your certificate is now imported into “Trusted Root Certification Authorities”. Refresh the browser and you will see the lock sign appear instead of the error.
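
To confirm the result of the steps above, the following PowerShell is an added example (not part of the original article): it checks that the certificate's CN matches the site host name, including the one-label wildcard rule, and whether Windows builds a trusted chain for it. It assumes it is run in the folder holding GuestCA.cer and SPVMRootCA.cer; Test-CnMatchesHost and Test-DevCertificate are hypothetical names.

```powershell
# Added example, not from the original article. File and host names come from the
# steps above; the function names are hypothetical.
function Test-CnMatchesHost {
    param([string]$CommonName, [string]$HostName)
    $cn = $CommonName.ToLowerInvariant()
    $h  = $HostName.ToLowerInvariant()
    if (-not $cn.StartsWith('*.')) { return $cn -eq $h }
    # A wildcard covers exactly one left-most label: *.sp2013vm.com matches
    # guest.sp2013vm.com, but not sp2013vm.com or a.b.sp2013vm.com.
    $suffix = $cn.Substring(1)
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return ($label.Length -gt 0) -and (-not $label.Contains('.'))
}

function Test-DevCertificate {
    param(
        [string]$LeafPath = '.\GuestCA.cer',
        [string]$RootPath = '.\SPVMRootCA.cer',
        [string]$HostName = 'guest.sp2013vm.com'
    )
    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $leaf = New-Object $type -ArgumentList (Resolve-Path $LeafPath).Path
    $root = New-Object $type -ArgumentList (Resolve-Path $RootPath).Path

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # A local development CA has no revocation endpoint, so skip that check.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    $chainValid = $chain.Build($leaf)   # true only if the chain ends in a trusted root
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Which of the two certificates are present in the Trusted Root stores.
    $known = $leaf.Thumbprint, $root.Thumbprint
    $inRoot = @(Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
        Where-Object { $known -contains $_.Thumbprint } |
        Select-Object -ExpandProperty Subject -Unique)
    $cn = $leaf.GetNameInfo('SimpleName', $false)
    [pscustomobject]@{
        CommonName       = $cn
        MatchesHost      = Test-CnMatchesHost $cn $HostName
        SignatureAlg     = $leaf.SignatureAlgorithm.FriendlyName
        ChainsToRootFile = $top.Thumbprint -eq $root.Thumbprint
        ChainValid       = $chainValid
        ChainStatus      = @($chain.ChainStatus | ForEach-Object { $_.Status })
        InTrustedRoot    = $inRoot
    }
}
Test-DevCertificate
```

For the wildcard certificate, pass -HostName with the host name used in the IIS binding. SignatureAlg reports the algorithm selected by the -a option in step 2.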



Summary


In this article I've explained how to create a self-signed certificate using the makecert.exe utility provided by Visual Studio, how to import that certificate into IIS, how to assign it to a website, and finally how to add it to the Trusted Root Certification Authorities.


