Issuing your own Server Certificates

When setting up SSL, IIS requires a server certificate to be present. A simple developer setup would be to install certificate services  basically as a stand alone root CA and use it to get your server certificate.

You basically set the sever certificate using IIS snap-in. Navigate to the default website properties and on directory security you can set the server certificate. The point is that when doing this, online requests for server certificates can be made only to local and remote enterprise certificate services and remote standalone certificate services. So this means you would basically have to build an offline request and save the request file. You then submit it to your CA at https://<machinename>/certsrv by selecting

  1. Request a Certificate
  2. Advanced certificate Request
  3. Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

You can then proceed where you left off on the IIS snap-in to setup the cert.
Read More

Comments

  • Anonymous
    May 05, 2006


    The only issue you have to keep in mind is that IE7 will flag your site if
    you are at a machine...