While installing some demo software today, I had to create a self-signed SSL certificate for IIS7. This is a relatively easy thing to do within the IIS7 Manager. However, the certificate that IIS7 generates is only for the machine that it is running on. I need a certificate that has my custom web site domain name on it. As it turns out, Microsoft has eliminated this capability within IIS7, so the easiest way to accomplish this is to use the selfssl tool from IIS6.

It took me a while to figure out, but after some Googling (with much trial and error), here’s what I came up with.

I found a post, Self-Signed Certificates on IIS7, that I used to create and install the certificate.

First, I opened IIS7 Manager, and found the Web Site ID for my web application.

Second, I downloaded, IIS 6 Resources Kit Tools, and installed just the selfssl tool.

Third, I opened an Administrator command prompt and navigated to the selfssl location: C:\Program Files (x86)\IIS Resources\SelfSSL

Fourth, I executed the following command:

selfssl /N:CN=www.larrybrouwer.com /V:10 95 /S:6 /P:8443

 

That completes the configuration on the Server.

Now, on the client, open Internet Explorer with Administrator privileges.

Second, navigate to the secured site. Bypass the security warnings.

Third, view the certificate and Install it to the “Trusted Root Certification Authorities”, “Local Computer”.

Done!